[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] POSSIBLE ATTACK newline in string
- Subject: Re: [cobalt-security] POSSIBLE ATTACK newline in string
- From: "James Zawacki" <jzawacki@xxxxxxxxxxxxxx>
- Date: Thu, 05 Feb 2004 07:09:51 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hello,
If I remember correct, it is a very OLD exploit in sendmail. Well, so old that sendmail tells you that someone is trying to exploit it. I usually don't pay much attention to them, but if it lists an IP (as yours does) I add it to my ipchains block list.
James
The following message was sent by "Simon Wilson" <simon@xxxxxxxxxxxxx> on Thu, 5 Feb 2004 11:23:49 -0000.
> Does anyone know what these are I seem to be getting quite alot of these
> at the moment?
>
> Active System Attack Alerts
>
> Feb 5 01:32:07 ns1 sendmail[8467]: i151W6908467: POSSIBLE ATTACK from
> [220.79.92.45]: newline in string "wcuvbpqbpv^M "
>
> Feb 5 01:36:51 ns1 sendmail[8639]: i151ap908639: POSSIBLE ATTACK from
> cpe-68-118-242-190.ma.charter.com: newline in string "krxyjowdvq^M "
>
> Thanks
>
> Simon
>
---------------------------------------------------------------
http://www.customlynx.com - Low cost web authoring and hosting!
Get your FREE E-mail address or give them out! (culymail.com)