Great Circle Associates Firewalls
(August 1995)
 


Subject: Re: Is this a break-in attempt?
From: woycke @ mitre . org (Daniel W. Woycke)
Date: Fri, 25 Aug 1995 09:33:25 -0400
To: jhb @ sun811 . npt . nuwc . navy . mil (John Balch)
Cc: Firewalls @ GreatCircle . COM

At 8:00 AM 8/25/95, John Balch wrote:
>I need some expert advice. The following showed up in the root mailbox
>this morning. Is it an attempt to break in via sendmail?  Was it successful?
>(I can't see any evidence of success, but that doesn't mean anything.)  Is it
>possible to tell if the message was incoming or outgoing?
>
>
>>From root Thu Aug 24 16:39 EDT 1995
>Return-Path: <Mailer-Daemon>
>Received: by sun811 (5.x/SMI-SVR4)
>        id AB02489; Thu, 24 Aug 1995 16:39:20 -0400
>Date: Thu, 24 Aug 1995 16:39:20 -0400
>From: Mailer-Daemon (Mail Delivery Subsystem)
>Subject: Returned mail: User unknown
>Message-Id: <9507282039 . AB02489 @ sun811>
>To: Postmaster
>Content-Type: text
>Content-Length: 343
>X-Lines: 18
>Status: RO
>
>   ----- Transcript of session follows -----
><<< VRFY guest
>550 guest... User unknown
><<< VRFY decode
>550 decode... User unknown
><<< VRFY bbs
>550 bbs... User unknown
><<< VRFY lp
><<< VRFY uudecode
>550 uudecode... User unknown
><<< wiz
>500 Command unrecognized
><<< debug
>500 Command unrecognized
><<< QUIT
>
>  ----- No message was collected -----
>
>All I know about security is what I've picked up here and I've never seen
>anything like this before. Any opinions or advice would be appreciated.
>
>TIA
>
>John Balch
>GPS Technologies Inc.
>25 Enterprise Center
>Middletown RI 02842

Yes, it is a break-in attempt, but they didn't get in through some obvious
old holes.  You might go looking at your syslog file and check out the mail
sent around the time that this message was sent.

-----
Thank You,

Daniel W. Woycke
The MITRE Corporation
7525 Colshire Drive (MS Z231)
McLean, VA   22102
woycke @ smiley . mitre . org
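
The transcript quoted in this thread can be triaged mechanically. The following is an added example, not part of either message: it pairs each client command with the error reply recorded after it and lists the probes for which the transcript shows no rejection. The watch lists are assumptions built only from the names seen in this transcript, and a missing reply means only that no error was recorded, not that the command succeeded.

```python
import re

# Transcript copied from the quoted bounce message (quote markers removed).
TRANSCRIPT = """\
<<< VRFY guest
550 guest... User unknown
<<< VRFY decode
550 decode... User unknown
<<< VRFY bbs
550 bbs... User unknown
<<< VRFY lp
<<< VRFY uudecode
550 uudecode... User unknown
<<< wiz
500 Command unrecognized
<<< debug
500 Command unrecognized
<<< QUIT
"""

# Assumed watch lists: only the commands and account names probed above.
PROBE_COMMANDS = {"WIZ", "DEBUG"}
PROBE_ACCOUNTS = {"guest", "decode", "bbs", "lp", "uudecode"}

def parse_session(text):
    """Pair each client line ('<<< ...') with the first reply code logged after it."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("<<<"):
            verb, _, arg = line[3:].strip().partition(" ")
            events.append({"verb": verb.upper(), "arg": arg.strip(), "reply": None})
        elif re.match(r"\d{3}[ -]", line) and events and events[-1]["reply"] is None:
            events[-1]["reply"] = int(line[:3])
    return events

def triage(events):
    """Return (probes, not_rejected): watched commands, and those with no error reply."""
    probes, not_rejected = [], []
    for e in events:
        watched = e["verb"] in PROBE_COMMANDS or (
            e["verb"] == "VRFY" and e["arg"].lower() in PROBE_ACCOUNTS)
        if not watched:
            continue
        label = f'{e["verb"]} {e["arg"]}'.strip()
        probes.append(label)
        if e["reply"] is None or e["reply"] < 400:
            not_rejected.append(label)
    return probes, not_rejected

print(triage(parse_session(TRANSCRIPT)))
```

On this transcript the only watched command without a recorded rejection is `VRFY lp`, which makes that account and the syslog entries around 16:39 the first things to check.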


