Security Incidents mailing list archives
Re: FW: Postmaster notify: User unknown
From: Nexus <nexus () PATROL I-WAY CO UK>
Date: Tue, 19 Dec 2000 08:42:11 -0000
Hi folks,
Could be a brute force attempt to enumerate valid usernames, or maybe
somethings silly like that - do you have the full, original SMTP header at
all ?
ie they may have been playing with the reply to: field and the like.
That would be very useful in trying to establish what has occured.
It is odd that you rec'd a bounced mail from a hotmail address
Regards,
JJ
----- Original Message -----
From: "Paul Snedden" <psnedden () GBMLOGIC COM AU>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Tuesday, December 19, 2000 1:14 AM
Subject: FW: Postmaster notify: User unknown
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, This mail appeared in my Inbox last Friday morning. I present this unto you all for your evaluation and recommendation. I believe an intruder has accessed my email server for their own purposes. Am I correct?-----Original Message----- From: Mail Delivery Subsystem [mailto:MAILER-DAEMON () nsw gbmlogic com au] Sent: Thursday, December 14, 2000 9:53 PM To: postmaster () nsw gbmlogic com au Subject: Postmaster notify: User unknown The original message was received at Thu, 14 Dec 2000 21:53:06 +1100 from localhost ----- The following addresses had permanent fatal errors ----- <davidputty12 () hotmail com> ----- Transcript of session follows ----- ... while talking to mc5.law5.hotmail.com.:RCPT To:<davidputty12 () hotmail com><<< 550 Requested action not taken:user account inactive 550 <davidputty12 () hotmail com>... User unknown-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.1 Int. for non-commercial use <http://www.pgpinternational.com> iQA/AwUBOj4p0Xz2HXQUsCJOEQKSMgCgnY0fIToqS2kPqXjbdEZEQ2EXESUAoMm5 SQA//mRJpICpBtF8uBuXY0wh =OZhA -----END PGP SIGNATURE-----
____________________________________________ http://1cis.com Free E-mail Servers with unlimited mailboxes 1st Class Internet Solutions
Current thread:
- FW: Postmaster notify: User unknown Paul Snedden (Dec 18)
- Re: FW: Postmaster notify: User unknown Jay D. Dyson (Dec 19)
- Re: FW: Postmaster notify: User unknown Mike Lewinski (Dec 19)
- Re: FW: Postmaster notify: User unknown Mark Durham (Dec 19)
- Re: FW: Postmaster notify: User unknown Nexus (Dec 19)
- Re: FW: Postmaster notify: User unknown Jim Roland (Dec 19)
- Re: FW: Postmaster notify: User unknown RC (Dec 19)
- Re: FW: Postmaster notify: User unknown Jim Roland (Dec 19)
- <Possible follow-ups>
- Re: Postmaster notify: User unknown Mark Collins (Dec 19)
- Re: Postmaster notify: User unknown Jay D. Dyson (Dec 19)
- Re: FW: Postmaster notify: User unknown Jay D. Dyson (Dec 19)