
[cobalt-security] Fwd: ACTIVE SYSTEM ATTACK! (?)



Dear Cobalt Security Guri,

Attached below please see a message I received from
the log monitoring program on my RaQ2.  I use
logcheck 1.1.1.

I don't recall ever seeing a message with "ACTIVE
SYSTEM ATTACK!" in the subject line and wonder
if it might be bogus.  What do you think?

Also, the log entry about which logcheck complains
looks harmless to me;  is it?  If I'm reading it right,
I believe that what it's reporting is a refusal to relay
Rumanian spam, not at all unusual;  am I interpreting
this correctly?

Thanks muchly for sage advice!

Dan Keller
cobalt@xxxxxxxxxx

>Date: Fri, 22 Nov 2002 04:01:18 -0800
>From: Root <root@xxxxxxxxxxxxxx>
>To: root@xxxxxxxxxxxxxx
>Subject: www.keller.com 11/22/02:04.01 ACTIVE SYSTEM ATTACK!
>X-Status: 
>X-Keywords:                 
>
>Active System Attack Alerts
>=-=-=-=-=-=-=-=-=-=-=-=-=-=
>Nov 22 03:25:54 www sendmail[2360]: DAA02360: from=<abbyk@xxxxxxxxx>, size=1124, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[200.4.100.2]
>
>Security Violations
>=-=-=-=-=-=-=-=-=-=
>Nov 22 03:25:54 www sendmail[2360]: DAA02360: from=<abbyk@xxxxxxxxx>, size=1124, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[200.4.100.2]