
[cobalt-security] Sendmail attacks



In the last few days I've seen a dramatic up-tick in "active system attacks" from Logcheck. They are invariably logged by sendmail, along these lines:

Nov 5 23:02:38 bluebird sendmail[16695]: hA642aR16695: POSSIBLE ATTACK from ANantes-106-1-18-206.w81-49.abo.wanadoo.fr: newline in string "geqigpuayu^M "

...but of course, the IP/hostname changes nearly every time. There's no consistent pattern.

I'd say these have gone from one per week to fifteen or twenty per day over the course of the last week. Is anyone else seeing this?

I hope and assume that the fact that sendmail is logging these means that it is catching attempts on a vulnerability which has now been patched. (This is a fully-patched Qube3, the only exception being that I'm using Michael's sendmail patch rather than Sun Cobalt's.)

Does anyone have suggestions for response? A quick ipchains script to lock out the source IP? Or do I just sit tight, cross my fingers, and hope they haven't found something in sendmail that we don't know about?

Thanks,

pjm
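
An added example, not part of the original post: a small Python log summarizer for the sendmail "POSSIBLE ATTACK" lines quoted above. It reports the daily rate and how many events came from a source that had already been seen, which is the share a per-source block could have covered. Only the first sample line is from the post; the others, the example.net hosts, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input. Line 1 is the entry quoted in the post; the rest
# are made-up lines in the same format using placeholder example.net hosts.
SAMPLE_LOG = """\
Nov 5 23:02:38 bluebird sendmail[16695]: hA642aR16695: POSSIBLE ATTACK from ANantes-106-1-18-206.w81-49.abo.wanadoo.fr: newline in string "geqigpuayu^M "
Nov 5 23:40:11 bluebird sendmail[16702]: hA64e9R16702: POSSIBLE ATTACK from host-a.example.net: newline in string "qwkzjx^M "
Nov 6 01:15:09 bluebird sendmail[16811]: hA66F7R16811: POSSIBLE ATTACK from host-b.example.net: newline in string "plmokn^M "
Nov 6 01:15:40 bluebird sendmail[16811]: hA66F7R16811: from=<user@example.net>, size=1204, class=0
Nov 6 02:20:00 bluebird sendmail[16900]: hA67K0R16900: POSSIBLE ATTACK from host-a.example.net: newline in string "zzzz^M "
"""

# syslog prefix, sendmail[pid], queue id, then the POSSIBLE ATTACK message.
ATTACK_RE = re.compile(
    r'^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>[\d:]{8})\s+(?P<host>\S+)\s+'
    r'sendmail\[\d+\]:\s+(?P<qid>\w+):\s+'
    r'POSSIBLE ATTACK from (?P<src>\S+?):\s+(?P<reason>.*)$')

def parse_attacks(log_text):
    """Return one dict per 'POSSIBLE ATTACK' line; all other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = ATTACK_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def summarize(events):
    """Daily counts plus how concentrated the sources are."""
    per_day = Counter(f"{e['mon']} {int(e['day'])}" for e in events)
    per_src = Counter(e['src'].lower() for e in events)
    return {
        "per_day": dict(per_day),
        "distinct_sources": len(per_src),
        # Events from a source seen earlier: the most a per-source block could cover.
        "repeat_events": len(events) - len(per_src),
        "top_sources": per_src.most_common(3),
    }

if __name__ == "__main__":
    print(summarize(parse_attacks(SAMPLE_LOG)))
```
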
