Is there a snort signature out for this as of yet? Barry W. Kokotailo RET/CSA/CSNA/CISSP Information Technology Security Specialist Edmonton Public School Board Off: 1-780-429-8592 Cell: 1-780-905-6204 PGP Fingerprint: 1024/6D66B30C 65 0A EF 1A 20 59 C7 FA 6D A2 AB 6C 76 22 2D 93 6D 66 B3 0C -----Original Message----- From: jlewisat_private [mailto:jlewisat_private] Sent: Friday, March 07, 2003 8:32 PM To: Bennett Todd Cc: incidentsat_private Subject: Re: Real-world attacks on sendmail CA-2003-07 seen On Fri, 7 Mar 2003, Bennett Todd wrote: > We logged received msgs that triggered the truncator code this > morning at about 3 in the morning, US/Eastern; three different > attacks spread over two different MX hosts. I've seen several of these too. Were yours from the same or similar hosts, or all from different sources? ---------------------------------------------------------------------- Jon Lewis *jlewisat_private*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A> ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Mon Mar 10 2003 - 12:04:47 PST