Those are typical holes in earlier versions of sendmail that have
since been closed in most incarnations. It was a breakin attempt,
albeit not a particularly concerted one. I would suggest, however,
installing Berkeley sendmail 8.6.12 (from ftp.cs.berkeley.edu).
-Josh Hartmann
Time Inc. New Media
josh @
the-tech .
mit .
edu
> I need some expert advice. The following showed up in the root mailbox
> this morning. Is it an attempt to break in via sendmail? Was it successful?
> (I can't see any evidence of success, but that doesn't mean anything.) Is it
> possible to tell if the message was incoming or outgoing?
>
>
> From root Thu Aug 24 16:39 EDT 1995
> Return-Path: <Mailer-Daemon>
> Received: by sun811 (5.x/SMI-SVR4)
> id AB02489; Thu, 24 Aug 1995 16:39:20 -0400
> Date: Thu, 24 Aug 1995 16:39:20 -0400
> From: Mailer-Daemon (Mail Delivery Subsystem)
> Subject: Returned mail: User unknown
> Message-Id: <9507282039 .
AB02489 @
sun811>
> To: Postmaster
> Content-Type: text
> Content-Length: 343
> X-Lines: 18
> Status: RO
>
> ----- Transcript of session follows -----
> <<< VRFY guest
> 550 guest... User unknown
> <<< VRFY decode
> 550 decode... User unknown
> <<< VRFY bbs
> 550 bbs... User unknown
> <<< VRFY lp
> <<< VRFY uudecode
> 550 uudecode... User unknown
> <<< wiz
> 500 Command unrecognized
> <<< debug
> 500 Command unrecognized
> <<< QUIT
>
> ----- No message was collected -----
>
> All I know about security is what I've picked up here and I've never seen
> anything like this before. Any opinions or advice would be appreciated.
>
> TIA
>
> John Balch
> GPS Technologies Inc.
> 25 Enterprise Center
> Middletown RI 02842
>
> --Boundary (ID pKdyibW9cXBRV4vgrEK8Kg)--
>
References:
|
|
