RE: Real-world attacks on sendmail CA-2003-07 seen

Is there a snort signature out for this as of yet?

Barry W. Kokotailo RET/CSA/CSNA/CISSP
Information Technology Security Specialist
Edmonton Public School Board
Off: 1-780-429-8592
Cell: 1-780-905-6204
PGP Fingerprint:
1024/6D66B30C
65 0A EF 1A 20 59 C7 FA 6D A2 AB 6C 76 22 2D 93 6D 66 B3 0C

-----Original Message-----
From: jlewis_at_lewis.org [mailto:jlewis_at_lewis.org]
Sent: Friday, March 07, 2003 8:32 PM
To: Bennett Todd
Cc: incidents_at_securityfocus.com
Subject: Re: Real-world attacks on sendmail CA-2003-07 seen

On Fri, 7 Mar 2003, Bennett Todd wrote:

> We logged received msgs that triggered the truncator code this
> morning at about 3 in the morning, US/Eastern; three different
> attacks spread over two different MX hosts.

I've seen several of these too. Were yours from the same or similar
hosts, or all from different sources?

----------------------------------------------------------------------
 Jon Lewis *jlewis_at_lewis.org*| I route
 System Administrator | therefore you are
 Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure">
http://www.securityfocus.com/stillsecure </A>

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Received on Mar 10 2003