MMS Notification (fwd)

From: Derek Kwan (dkwan@KWAN.ca)
Date: 09/25/01


Date: Tue, 25 Sep 2001 13:33:57 -0400 (EDT)
From: Derek Kwan <dkwan@KWAN.ca>
To: vuln-dev@securityfocus.com
Subject: MMS Notification (fwd)
Message-ID: <Pine.LNX.4.10.10109251333470.17263-110000@KWAN.ca>



---------- Forwarded message ----------
Date: Tue, 25 Sep 2001 10:09:22 -0700
To: Derek Kwan <dkwan@KWAN.ca>
Subject: MMS Notification

        <rnieuwhof@nos.com>



attached mail follows:


Date: Mon, 24 Sep 2001 18:40:43 -0400 (EDT)
From: "Derek Kwan" <dkwan@KWAN.ca>
To: focus-ms@securityfocus.com
Subject: Returned post for bugtraq@securityfocus.com (fwd)
Message-ID: <Pine.LNX.4.10.10109241840370.8673-110000@KWAN.ca>



---------- Forwarded message ----------
Date: 24 Sep 2001 18:06:20 -0000
From: bugtraq-owner@securityfocus.com
To: dkwan@KWAN.ca
Subject: Returned post for bugtraq@securityfocus.com

Hi! This is the ezmlm program. I'm managing the
bugtraq@securityfocus.com mailing list.

I'm working for my owner, who can be reached
at bugtraq-owner@securityfocus.com.

I'm sorry, your message (enclosed) was not accepted by the moderator.
If the moderator has made any comments, they are shown below.

>>>>> -------------------- >>>>>
Hmm, strange. Post this to vuln-dev@securityfocus.com or
focus-ms@securityfocus.com.
<<<<< -------------------- <<<<<

[INFO] -- Virus Manager:
This email message and any attachments have been scanned for viruses and are believed to be free of any virus.



attached mail follows:


Date: Sun, 23 Sep 2001 20:20:24 -0400 (EDT)
From: "Derek Kwan" <dkwan@KWAN.ca>
To: bugtraq@securityfocus.com
Subject: Microsoft Qmgr
Message-ID: <Pine.LNX.4.10.10109232012001.31191-100000@KWAN.ca>


Today I have rebooted one of my WinME boxes (haven't rebooted this box for
at least 3 months!) because I need to replace a CPU fan.

After the 'operation' (a very dusty one) WinME booted as expected and I
just turned off the monitor and walked away.

Then after dinner, as one of my regular 'hobbies' (I think I need a life) I was
checking my MRTG chart and logs. Noticed something from my internal
network was hammering my server. A further study shows my freshly rebooted
WinME keeps requesting an "identd.cab" from my web server.

So I went back to my WinME machine and checked ZoneAlarm (thx!) and
noticed a process named "Microsoft Qmgr" accessing the network, so
I quickly stopped the app.

Seems like MS Qmgr has kept requesting identd.cab from my web server for
the past 3 hours (and 4 minutes 31 seconds) and I have 255259 requests in
my access_log!

Not sure what the heck Qmgr is, and a search on the Internet found this
link:
http://www.langa.com/newsletters/2001/2001-09-17.htm#5

Hopefully this info is going to be helpful for someone....

Gosh, if I didn't check my server, it would fill up my log disk pretty
quick!

Now my question is why the heck is Qmgr looking for identd.cab from my
server? Hmmm....

Derek

 \|/ _____ \|/ ***************************************************
 "@'/ , . \`@" This e-mail is send with 100% recyclable electrons.
 /_| \___/ |__\ ***************************************************
    \___U_/ Derek@KWAN.ca
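
The kind of check that surfaces the pattern described in the message above (one client requesting the same file over and over), as an added example that is not part of the original post. It assumes the access_log is in Common Log Format; the addresses, status codes and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: host ident user [time] "METHOD path proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def find_hammering(lines, min_requests=5, min_rate=1.0):
    """Return (host, path, count, seconds, rate) for each host/path pair
    requested at least min_requests times at min_rate req/s or faster."""
    seen = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        host, stamp, _method, path, _status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        seen[(host, path)].append(when)
    flagged = []
    for (host, path), times in seen.items():
        if len(times) < min_requests:
            continue
        span = (max(times) - min(times)).total_seconds()
        rate = len(times) / max(span, 1.0)  # avoid divide-by-zero on bursts
        if rate >= min_rate:
            flagged.append((host, path, len(times), span, rate))
    return sorted(flagged, key=lambda f: f[2], reverse=True)

def sample_log():
    """Constructed sample: one internal client looping on a single file,
    plus ordinary traffic from another host and one malformed line."""
    loop = ['192.168.0.23 - - [23/Sep/2001:17:00:%02d -0400] '
            '"GET /identd.cab HTTP/1.1" 404 285' % (i // 4) for i in range(40)]
    normal = ['192.168.0.5 - - [23/Sep/2001:17:%02d:00 -0400] '
              '"GET /index.html HTTP/1.0" 200 1024' % i for i in range(6)]
    return loop + normal + ["garbage line"]

if __name__ == "__main__":
    for host, path, count, span, rate in find_hammering(sample_log()):
        print(f"{host} {path}: {count} requests in {span:.0f}s ({rate:.1f}/s)")
```

Grouping by host and path rather than by host alone separates a client stuck retrying one download from a busy but ordinary client.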


