Security Incidents: Re: Real-world attacks on sendmail CA-2003-07 seen

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Real-world attacks on sendmail CA-2003-07 seen

From: gabriel rosenkoetter <gr () eclipsed net>
Date: Mon, 10 Mar 2003 21:30:56 -0500

On Mon, Mar 10, 2003 at 03:56:22PM -0500, Juan Gallego wrote:

i have to agree. althought i don't have the original messages, i happen to
log email subjects, and they have spam written all over them.


Hrm.

Worth noting, perhaps, that the intelligent cracker (as opposed to
the script kiddie) will craft port 25 exploits specifically *to*
look like spam in your logs...

If you have to ask if you're being paranoid enough, you're not.

Source addresses are pretty much meaningless in this case. If it's
an open relay, it's just as good for the exploit as it is for spam.
Whoops.

Cheers...

-- 
gabriel rosenkoetter
gr () eclipsed net

Attachment: _bin
Description:

By Date By Thread

Current thread:

worm/Trojans are taking advantage of default path of Windows, (continued)
- Re: Real-world attacks on sendmail CA-2003-07 seen jlewis (Mar 10)
  - Re: Real-world attacks on sendmail CA-2003-07 seen Bennett Todd (Mar 10)
    - Re: Real-world attacks on sendmail CA-2003-07 seen Juan Gallego (Mar 10)
    - Re: Real-world attacks on sendmail CA-2003-07 seen gabriel rosenkoetter (Mar 11)
- Re: Real-world attacks on sendmail CA-2003-07 seen Curt Wilson (Mar 10)
- RE: Real-world attacks on sendmail CA-2003-07 seen Barry Kokotailo (Mar 10)
  - Re: Real-world attacks on sendmail CA-2003-07 seen Bennett Todd (Mar 10)
  - Re: Real-world attacks on sendmail CA-2003-07 seen james (Mar 10)