Security Incidents mailing list archives
Re: VRFY 000.000@my.domain
From: mtinberg () MADISON TEC WI US (Mark Tinberg)
Date: Mon, 22 May 2000 09:52:13 -0500
I saw something like this awhile ago, from some server in an Exodus facility. Possibly some network analyzer? Here is the snippet from my old logs. May 1 04:10:53 mail sendmail[17672]: NOQUEUE: [216.35.49.170]: VRFY 00000096@ma dison.tec.wi.us [rejected] Apr 27 09:26:12 mail sendmail[7261]: NOQUEUE: [216.35.49.170]: VRFY 0000005580@m adison.tec.wi.us [rejected] Apr 18 20:20:39 mail sendmail[6359]: NOQUEUE: [216.35.49.170]: VRFY 0-pony-0@mad ison.tec.wi.us [rejected] Apr 22 22:57:33 mail sendmail[32653]: NOQUEUE: [216.35.49.170]: VRFY 000.000@mad ison.tec.wi.us [rejected]
Eduardo Escalante 05/22/00 03:40 AM >>>
I recently got a few times some odd security alerts: VRFY 000.000@my.domain VRFY 00000096@my.domain VRFY 000001@my.domain VRFY 00000219@my.domain VRFY 0000028252@my.domain Different days from the same IP. I doubt they were looking for valid users and half suspect some sort of weird Internet tool ( ala 3DNS). Maybe it is checking for a trojan? Similar logs or info about it (or guesses ;) appreciated.
Current thread:
- VRFY 000.000@my.domain Eduardo Escalante (May 19)
- <Possible follow-ups>
- Re: VRFY 000.000@my.domain Mark Tinberg (May 22)
- Re: VRFY 000.000@my.domain Lisa Saarloos (May 23)
- Re: VRFY 000.000@my.domain Ben Laws (May 23)