MMS Notification (fwd)

From: Derek Kwan (dkwanat_private)
Date: Tue Sep 25 2001 - 10:33:57 PDT

Next message: Yonatan Bokovza: "RE: Web Application Testers."

Previous message: Jerome Tytgat: "RE: Cisco PIX Firewall MailGuard Vulnerability"
Next in thread: Stanley G. Bubrouski: "Re: MMS Notification (fwd)"
Reply: Stanley G. Bubrouski: "Re: MMS Notification (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
Date: Tue, 25 Sep 2001 10:09:22 -0700
To: Derek Kwan <dkwanat_private>
Subject: MMS Notification


	<rnieuwhofat_private>

attached mail follows:

---------- Forwarded message ---------- Date: 24 Sep 2001 18:06:20 -0000 From: bugtraq-ownerat_private To: dkwanat_private Subject: Returned post for bugtraqat_private Hi! This is the ezmlm program. I'm managing the bugtraqat_private mailing list. I'm working for my owner, who can be reached at bugtraq-ownerat_private I'm sorry, your message (enclosed) was not accepted by the moderator. If the moderator has made any comments, they are shown below. >>>>> -------------------- >>>>> Hmm, strange. Post this to vuln-devat_private or focus-msat_private <<<<< -------------------- <<<<< [INFO] -- Virus Manager: This email message and any attachments have been scanned for viruses and are believed to be free of any virus.

attached mail follows:

Today I have rebooted one of my WinME box (haven't reboot this box for alteast 3 months!) because I need to replace a CPU Fan. After the 'operation' (a very dusty one) WinME booted as expacted and I just turn off the montor and walked away. Then after dinner, as one my regular 'hobby' (I think I need a life) I was checking my MRTG chart and logs. Noticed something from my Internal network was hammering my Server. A futher study shows my freshly rebooted WinME keeps requesting a "identd.cab" from my web server. So I went back to my WinME machine and check on ZoneAlarm (thx!) and notice a process name "Microsoft Qmgr" is accessing the network, so quickly I stopped the app. Seems like MS Qmgr is keep requesting identd.cab from my web server for the past 3 Hours (and 4 minutes 31 seconds) and have 255259 request from my access_log! Not sure what the heck is Qmgr, and a search on Internet, found this link:- http://www.langa.com/newsletters/2001/2001-09-17.htm#5 Hopefully this info is going to be helpful for someone.... Gosh, if I didn't check my server, it will fill up my log disk pretty quick! Now my question is why the heck Qmgr is looking for identd.cab from my server? Hummmm.... Derek \|/ _____ \|/ *************************************************** "@'/ , . \`@" This e-mail is send with 100% recyclable electrons. /_| \___/ |__\ *************************************************** \___U_/ Derekat_private

Next message: Yonatan Bokovza: "RE: Web Application Testers."
Previous message: Jerome Tytgat: "RE: Cisco PIX Firewall MailGuard Vulnerability"
Next in thread: Stanley G. Bubrouski: "Re: MMS Notification (fwd)"
Reply: Stanley G. Bubrouski: "Re: MMS Notification (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 11:04:05 PDT