Dear Cobalt Security Guri, Attached below please see a message I received from the log monitoring program on my RaQ2. I use logcheck 1.1.1.
I don't recall ever seeing a message with "ACTIVE SYSTEM ATTACK!" in the subject line and wonder if it might be bogus. What do you think? Also, the log entry about which logcheck complains looks harmless to me; is it? If I'm reading it right, I believe that what it's reporting is a refusal to relay Rumanian spam, not at all unusual; am I interpreting this correctly? Thanks muchly for sage advice! Dan Keller [EMAIL PROTECTED] >Date: Fri, 22 Nov 2002 04:01:18 -0800 >From: Root <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: www.keller.com 11/22/02:04.01 ACTIVE SYSTEM ATTACK! >X-Status: >X-Keywords: > >Active System Attack Alerts >=-=-=-=-=-=-=-=-=-=-=-=-=-= >Nov 22 03:25:54 www sendmail[2360]: DAA02360: from=<[EMAIL PROTECTED]>, size=1124, >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[200.4.100.2] > >Security Violations >=-=-=-=-=-=-=-=-=-= >Nov 22 03:25:54 www sendmail[2360]: DAA02360: from=<[EMAIL PROTECTED]>, size=1124, >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[200.4.100.2] _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
