Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Funny smtp helo in the logs
From: Kenneth Ng <kenneth.d.ng () gmail com>
Date: Sun, 30 Oct 2005 23:38:33 -0400

Well, spammers are taking advantage of the old "be liberal in what you
accept" coding motif.

On 10/30/05, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:

On Sun, 30 Oct 2005 12:39:52 +0530, Aditya Deshmukh said:

124 09/10/2005 09:54:35 HELO -1209283632 ---> 250 my.smtp.domain.server

I'm not sure which is sadder, that the spamware is totally untested and
buggy,
or that so many sites will accept this syntactically invalid HELO command
that
the spammers weren't forced to fix their code.....

And yes, it looks like somebody did an 'sprintf("HELO %d",my_ip_addr);'
without bothering to check what that produced....


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault