Security Incidents mailing list archives
Re: HELO/EHLP attack?.
From: "Michal 'CeFeK' Nazarewicz" <cefek () CAREER PL>
Date: Tue, 8 Aug 2000 09:53:21 +0200
On Fri, 4 Aug 2000, Michal Zalewski wrote:
Nah, it's more likely an ancient Sendmail vulnerability found by me (see BUGTRAQ archives) with extremely long EHLO / HELO parameter; it allows an attacker to hide his hostname and IP in SMTP headers (it has been fixed in 8.8.8, I think, and this log message has been introduced).
It's a "feature" used by some common mail bombing programs, e.g. njordbomb. Check if anyone tried to use your server as a relay for his revenge.
--
Michał Nazarewicz / Career Online, DK Group