RE: [cobalt-users] What does sendmail exploit look like in logs?
- Subject: RE: [cobalt-users] What does sendmail exploit look like in logs?
- From: "Dan Kriwitsky" <list1@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu Mar 6 13:44:02 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> Just started getting flooded with these...is this the result of the latest
> sendmail exploit?
>
> Mar 6 11:25:04 gizmo sendmail[9626]: NOQUEUE: nobody@[64.224.219.95] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
> Mar 6 12:13:27 gizmo sendmail[12572]: NOQUEUE: [218.0.249.183] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Weren't there other lines with those IP addresses? 218.0.249.183 is an
open port 8080 server sending spam. The other I would guess may have
been trying to VRFY for a dictionary attack. See if you can find 9626
elsewhere up in the log with a No such user here message.
--
C2003 Dan Kriwitsky
Please reply to the list only. Off list replies are not read.
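
The check suggested in the reply (look for the same sendmail PID earlier in the log, alongside a "No such user here" message) can be scripted. The following is an added example, not part of the original post: it groups syslog lines by sendmail PID and, for each "did not issue MAIL/EXPN/VRFY/ETRN" line, lists what the same process logged shortly before. The `correlate` function, the 10-minute window, and every sample line other than the two quoted above are assumptions made for illustration, including the exact layout of the "No such user here" lines.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. The two "did not issue" lines are the ones quoted in
# the post; the "No such user here" lines are made up, and their layout is an
# assumption. The last line reuses PID 9626 hours later on purpose.
SAMPLE_LOG = """\
Mar 6 11:24:58 gizmo sendmail[9626]: NOQUEUE: <alice@example.com>... No such user here
Mar 6 11:25:01 gizmo sendmail[9626]: NOQUEUE: <bob@example.com>... No such user here
Mar 6 11:25:04 gizmo sendmail[9626]: NOQUEUE: nobody@[64.224.219.95] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 6 12:13:27 gizmo sendmail[12572]: NOQUEUE: [218.0.249.183] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 6 18:40:11 gizmo sendmail[9626]: NOQUEUE: <carol@example.com>... No such user here
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+sendmail\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
PROBE = re.compile(r"(?P<client>\S+) did not issue MAIL/EXPN/VRFY/ETRN")


def correlate(log_text, window=timedelta(minutes=10), year=2003):
    """For each 'did not issue' line, collect earlier lines from the same PID."""
    by_pid = defaultdict(list)
    probes = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a sendmail syslog line
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        by_pid[m["pid"]].append((ts, m["msg"]))
        p = PROBE.search(m["msg"])
        if p:
            probes.append((m["pid"], ts, p["client"]))
    report = []
    for pid, ts, client in probes:
        # PIDs are recycled, so only lines shortly before the probe line count.
        related = [msg for t, msg in by_pid[pid]
                   if ts - window <= t <= ts and not PROBE.search(msg)]
        unknown = sum("No such user here" in msg for msg in related)
        report.append({"pid": pid, "client": client,
                       "related": related, "unknown_users": unknown})
    return report


if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG):
        print(row["pid"], row["client"], "unknown users:", row["unknown_users"])
```

A connection with several rejected recipients and no mail transaction matches the address-guessing pattern the reply describes; one with no related lines at all needs other evidence.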