LinuxSA Mailing list archives
From: Alan Kennington <akenning@dog.topology.org>
To: LinuxSA <linuxsa@linuxsa.org.au>
Date: Sat, 9 Dec 2000 02:05:51 +1030
Subject: attack against sendmail - clues?
Has anyone seen anything like this in their
/var/log/maillog file before?
===============================================
Dec 8 23:01:43 dog sendmail[1164]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn
Dec 8 23:01:46 dog sendmail[1165]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn guest
Dec 8 23:01:50 dog sendmail[1166]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn root
Dec 8 23:01:53 dog sendmail[1167]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn dog
Dec 8 23:01:56 dog sendmail[1168]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn alan
Dec 8 23:01:58 dog sendmail[1163]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: EXPN attack?
Dec 8 23:01:59 dog sendmail[1169]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn allan
Dec 8 23:02:02 dog sendmail[1170]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn ak
Dec 8 23:02:08 dog sendmail[1171]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn kenning
Dec 8 23:02:14 dog sendmail[1172]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn akenning
Dec 8 23:02:48 dog sendmail[1173]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn bin
Dec 8 23:02:53 dog sendmail[1174]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: expn daemon
Dec 8 23:03:02 dog sendmail[1175]: NOQUEUE: c18-p38.senet.com.au [203.152.253.167]: vrfy akenning
===============================================
[I'm not worried about the "=" characters. I added those!]
Someone at SENet mounted a rather nasty attack against my
machines, and this was just part of it.
They had a go at my ssh, rlogin, rexec and many other ports too.
But does anyone happen to know if there is some vulnerability
in sendmail that these people might be attacking?
I've updated my sendmail software reasonably recently.
Cheers,
Alan Kennington.
------------------------------------------
PS. I've found a rather interesting bug in the iso9660
file system software, which is present in both kernel 2.2.16
and 2.4.0-test1-ac21.
I'll let you all in on it when I've got a minimal program
to generate the bug.
The bug involves files over 64*1024*1024 bytes being
exactly 64*1024*1024 bytes too short when viewed in linux,
but being correct in wind98 and wind2000.
I've discussed it with the mkisofs author.
While I'm trying to find time to isolate the bug, if anyone
else has experienced this bug, please let me know.
It doesn't always happen for > 64 MByte files. Only sometimes.
But the result is that archived long files on a CD writer
could be faulty when read back in linux.
The mkisofs/cdrecord author has a low opinion of linux!
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
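
Added example (not part of the original post): a Python sketch of how maillog lines like those quoted above can be screened for SMTP user enumeration, by flagging any client that tries several distinct names with EXPN/VRFY within a short time. The function name, the thresholds, the assumed year and the sample lines (documentation addresses) are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sendmail NOQUEUE line recording an EXPN/VRFY command, as in the log above.
# The argument must look like a mailbox name; any other line is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+sendmail\[\d+\]:\s+NOQUEUE:\s+"
    r"\S+\s+\[(?P<ip>[\d.]+)\]:\s+(?:expn|vrfy)\b[ \t]*(?P<name>[\w.@+-]*)\s*$",
    re.IGNORECASE,
)

def find_enumeration(lines, min_names=5, window=timedelta(minutes=2), year=2000):
    """Return {client_ip: sorted names tried} for clients that probed at least
    min_names distinct names inside one window. Syslog omits the year: pass it."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["name"].lower()))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the start forward until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            names = {n for _, n in evs[start:end + 1] if n}
            if len(names) >= min_names:
                flagged[ip] = sorted({n for _, n in evs if n})
                break
    return flagged

# Constructed sample lines (documentation addresses, not the hosts in the post).
SAMPLE = """\
Dec  8 23:01:43 mx sendmail[101]: NOQUEUE: host-a.example [192.0.2.10]: expn
Dec  8 23:01:46 mx sendmail[102]: NOQUEUE: host-a.example [192.0.2.10]: expn guest
Dec  8 23:01:50 mx sendmail[103]: NOQUEUE: host-a.example [192.0.2.10]: expn root
Dec  8 23:01:53 mx sendmail[104]: NOQUEUE: host-a.example [192.0.2.10]: expn bin
Dec  8 23:01:58 mx sendmail[100]: NOQUEUE: host-a.example [192.0.2.10]: EXPN attack?
Dec  8 23:02:02 mx sendmail[105]: NOQUEUE: host-a.example [192.0.2.10]: expn daemon
Dec  8 23:02:14 mx sendmail[106]: NOQUEUE: host-a.example [192.0.2.10]: vrfy alice
Dec  8 23:40:00 mx sendmail[107]: NOQUEUE: host-b.example [198.51.100.7]: vrfy bob
"""

if __name__ == "__main__":
    print(find_enumeration(SAMPLE.splitlines()))
```

sendmail's PrivacyOptions setting accepts noexpn and novrfy, which make the server refuse these two commands.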