Security Incidents mailing list archives
Re: what is this?
From: Sami Haahtinen <Sami.Haahtinen () ATK-ANTTI COM>
Date: Fri, 11 Aug 2000 10:59:00 +0300
Check your system: can anyone relay through it? Also check your mail-queue; it usually is a positive sign of a known open relay if it's full of mail not sent by your system or authorized systems. Also check if you are listed at ORBS or other systems like that.

I would suspect an open relay from these messages... (well, not if you have sent those mails to all of those aol.com addresses.)

Regards, Sami Haahtinen

C wrote:
Hi,

Last night my logcheckd came up with the following:

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Aug 9 18:27:07 main sendmail[20202]:SAA20194: to=<ztattack11 () aol com>,<zpb316 () aol com>,<zotzum () aol com>,<zosom0 () aol com>,<zipper032563 () aol com>,<zion808 () aol com>,<zigmo123 () aol com>,<ziggy3131 () aol com>,<zi69 () aol com>,<zerogoals () aol com>, delay=00:00:06, xdelay=00:00:00, mailer=relay, relay=my.isp.ro. [xxx.xxx.xxx.xxx], stat=Sent (ok 965834789 qp 24507 accepted for delivery to /dev/null. Thank you.)
Aug 9 18:27:07 main sendmail[20202]: SAA20194: to=<ztattack11 () aol com>,<zpb316 () aol com>,<zotzum () aol com>,<zosom0 () aol com>,<zipper032563 () aol com>,<zion808 () aol com>,<zigmo123 () aol com>,<ziggy3131 () aol com>,<zi69 () aol com>,<zerogoals () aol com>, delay=00:00:06, xdelay=00:00:00, mailer=relay, relay=my.isp.ro. [xxx.xxx.xxx.xxx], stat=Sent (ok 965834789 qp 24507 accepted for delivery to /dev/null. Thank you.)

Please, I want your comments. Thank you!
-- If all else Fails, Read the manual... || Sami Haahtinen || ATK-Antti Oy || Sami.Haahtinen () atk-antti com ||
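
The check suggested in the reply can also be run against the sendmail log itself: pair each queue ID's from= line (the submitting host) with its to= lines (the recipients) and flag mail that an outside host handed in for outside recipients. This is an added example, not part of the original thread; the authorized network, the local domain and every log line in it are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example: hosts allowed to submit mail, and local domains.
AUTHORIZED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.org"}

# Constructed sendmail syslog lines (not from the post). The second to= line
# repeats the first, as in the quoted alert, with no space after "]:".
SAMPLE_LOG = """\
Aug  9 18:27:01 main sendmail[20194]: SAA20194: from=<a@spam.example>, size=2048, class=0, pri=302048, nrcpts=3, proto=SMTP, relay=[198.51.100.7]
Aug  9 18:27:07 main sendmail[20202]: SAA20194: to=<u1@example.com>,<u2@example.com>,<u3@example.com>, delay=00:00:06, xdelay=00:00:00, mailer=relay, relay=smarthost.example.net. [203.0.113.5], stat=Sent (ok)
Aug  9 18:27:07 main sendmail[20202]:SAA20194: to=<u1@example.com>,<u2@example.com>,<u3@example.com>, delay=00:00:06, xdelay=00:00:00, mailer=relay, relay=smarthost.example.net. [203.0.113.5], stat=Sent (ok)
Aug  9 18:30:00 main sendmail[20300]: SAA20299: from=<bob@example.org>, size=900, class=0, pri=30900, nrcpts=1, proto=ESMTP, relay=ws1.example.org [192.0.2.10]
Aug  9 18:30:02 main sendmail[20301]: SAA20299: to=<friend@example.com>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, relay=mx.example.com. [203.0.113.9], stat=Sent (ok)
"""

LINE = re.compile(r"sendmail\[\d+\]:\s*(?P<qid>\w+): (?P<kind>from|to)=(?P<rest>.*)")
ADDR = re.compile(r"<([^<>@\s]+)@([^<>\s]+)>")
RELAY_IP = re.compile(r"relay=[^,]*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def find_relayed(log_text):
    """Return {queue_id: (submitting_ip, outside_recipient_count)} per relayed message."""
    origin, rcpts = {}, defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["kind"] == "from":
            ip = RELAY_IP.search(m["rest"])
            if ip:
                origin[m["qid"]] = ipaddress.ip_address(ip[1])
        else:
            # Recipients sit before ", delay="; a set absorbs repeated lines.
            rcpts[m["qid"]].update(ADDR.findall(m["rest"].split(", delay=")[0]))
    findings = {}
    for qid, ip in origin.items():
        outside_sender = not any(ip in net for net in AUTHORIZED_NETS)
        outside = [d for _, d in rcpts[qid] if d.lower() not in LOCAL_DOMAINS]
        # Third-party relaying: an outside host submitted mail for outside recipients.
        if outside_sender and outside:
            findings[qid] = (str(ip), len(outside))
    return findings


if __name__ == "__main__":
    for qid, (ip, n) in find_relayed(SAMPLE_LOG).items():
        print(f"{qid}: relayed for {ip} to {n} outside recipient(s)")
```
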