Re: Real-world attacks on sendmail CA-2003-07 seen

From: gabriel rosenkoetter (grat_private)
Date: Mon Mar 10 2003 - 18:30:56 PST

Next message: Loki: "Snort Signatures for LSD-PL.NET Exploit"

Previous message: Robin Lynn Frank: "Re: Port 3335"
In reply to: Juan Gallego: "Re: Real-world attacks on sendmail CA-2003-07 seen"
Next in thread: Barry Kokotailo: "RE: Real-world attacks on sendmail CA-2003-07 seen"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 10, 2003 at 03:56:22PM -0500, Juan Gallego wrote:
> i have to agree. althought i don't have the original messages, i happen to
> log email subjects, and they have spam written all over them.

Hrm.

Worth noting, perhaps, that the intelligent cracker (as opposed to
the script kiddie) will craft port 25 exploits specifically *to*
look like spam in your logs...

If you have to ask if you're being paranoid enough, you're not.

Source addresses are pretty much meaningless in this case. If it's
an open relay, it's just as good for the exploit as it is for spam.
Whoops.

Cheers...

-- 
gabriel rosenkoetter
grat_private

application/pgp-signature attachment: stored

Next message: Loki: "Snort Signatures for LSD-PL.NET Exploit"
Previous message: Robin Lynn Frank: "Re: Port 3335"
In reply to: Juan Gallego: "Re: Real-world attacks on sendmail CA-2003-07 seen"
Next in thread: Barry Kokotailo: "RE: Real-world attacks on sendmail CA-2003-07 seen"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 08:53:49 PST