Security Incidents mailing list archives
Re: VRFY 000.000@my.domain
From: ms_mol () DDS NL (Lisa Saarloos)
Date: Tue, 23 May 2000 11:29:28 +0200
Hello, Got the same messages in the logs here, seems to be something automated... Although it's being rejected, I still want to know what it is and where it's coming from... Apr 25 18:34:15 ourhost sendmail[1741]: NOQUEUE: IDENT:root@[216.35.49.170]: VRFY 000.000 () domain1 nl [rejected] Apr 26 05:18:19 ourhost sendmail[6412]: NOQUEUE: IDENT:root@[216.35.49.170]: VRFY 000.000 () domain2 nl [rejected] May 3 17:01:40 ourhost sendmail[20558]: NOQUEUE: IDENT:root@[216.35.49.170]: VRFY 00000096 () domain1 nl [rejected] May 4 02:25:08 ourhost sendmail[26770]: NOQUEUE: IDENT:root@[216.35.49.170]: VRFY 00000096 () domain2 nl [rejected] May 12 05:53:12 ourhost sendmail[9647]: NOQUEUE: IDENT:root@[216.35.49.170]: VRFY 00000219 () domain1 nl [rejected] May 12 16:02:02 ourhost sendmail[28276]: NOQUEUE: IDENT:root@[216.35.49.170]: VRFY 00000219 () domain2 nl [rejected] May 19 22:05:52 ourhost sendmail[5763]: NOQUEUE: IDENT:root@[216.35.49.170]: VRFY 0000041802 () domain1 nl [rejected] May 20 06:24:15 ourhost sendmail[8580]: NOQUEUE: IDENT:root@[216.35.49.170]: VRFY 0000041802 () domain2 nl[rejected] jamie | -----Original Message----- | From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On | Behalf Of Mark Tinberg | Sent: maandag 22 mei 2000 16:52 | To: INCIDENTS () SECURITYFOCUS COM | Subject: Re: VRFY 000.000@my.domain | | | I saw something like this awhile ago, from some server in an | Exodus facility. Possibly some network analyzer? | | Here is the snippet from my old logs. | | May 1 04:10:53 mail sendmail[17672]: NOQUEUE: [216.35.49.170]: | VRFY 00000096@ma | dison.tec.wi.us [rejected] | Apr 27 09:26:12 mail sendmail[7261]: NOQUEUE: [216.35.49.170]: | VRFY 0000005580@m | adison.tec.wi.us [rejected] | Apr 18 20:20:39 mail sendmail[6359]: NOQUEUE: [216.35.49.170]: | VRFY 0-pony-0@mad | ison.tec.wi.us [rejected] | Apr 22 22:57:33 mail sendmail[32653]: NOQUEUE: [216.35.49.170]: | VRFY 000.000@mad | ison.tec.wi.us [rejected] | | >>> Eduardo Escalante 05/22/00 03:40 AM >>> | I recently got a few times some odd security alerts: | | VRFY 000.000@my.domain | VRFY 00000096@my.domain | VRFY 000001@my.domain | VRFY 00000219@my.domain | VRFY 0000028252@my.domain | | Different days from the same IP. I doubt they were looking | for valid users and half suspect some sort of weird Internet | tool ( ala 3DNS). Maybe it is checking for a trojan? | | Similar logs or info about it (or guesses ;) appreciated. |
Current thread:
- VRFY 000.000@my.domain Eduardo Escalante (May 19)
- <Possible follow-ups>
- Re: VRFY 000.000@my.domain Mark Tinberg (May 22)
- Re: VRFY 000.000@my.domain Lisa Saarloos (May 23)
- Re: VRFY 000.000@my.domain Ben Laws (May 23)