Hi Glenn,

> I just saw a strange attack on my Cobalts that serve mail.
>
> Jan 31 11:06:14 mail sendmail[11500]: NOQUEUE: blinky.mydomain.com
> [192.168.5.5]: EXPN root [rejected]
>
> Jan 31 11:06:14 mail sendmail[11500]: NOQUEUE: blinky.mydomain.com
> [192.168.5.5]: VRFY root [rejected]
>
> Can anyone explain what happened here? It looks like I'm getting hacked
> from my firewall!?

See this:

http://www.demarc.com/arachnids/IDS31/research.html

Quote from that page:

"expn is a valid part of the SMTP protocol, however it is not commonly used to gather information about system accounts such as root. This behavior is indicative of a probe."

--
With best regards,

Michael Stauber

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
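
One way to pull rejected EXPN/VRFY probes like these out of a sendmail log and group them by source, as an added example that is not part of the original thread. The regular expression follows the line format quoted above; the function names, the `SENSITIVE` list and the last two sample lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Line format as quoted in the post: "... NOQUEUE: host [ip]: EXPN root [rejected]"
PROBE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+sendmail\[\d+\]:\s+NOQUEUE:\s+"
    r"(?P<client>\S+)\s+\[(?P<ip>[0-9.]+)\]:\s+"
    r"(?P<verb>EXPN|VRFY)\s+(?P<target>\S+)\s+\[rejected\]\s*$"
)
# Assumption: account names worth highlighting; adjust per site.
SENSITIVE = {"root", "admin", "postmaster"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_probes(lines):
    """Return {source_ip: [(timestamp, client_name, verb, target), ...]}."""
    by_ip = defaultdict(list)
    for line in lines:
        m = PROBE_RE.match(line.strip())
        if m:
            by_ip[m["ip"]].append((m["ts"], m["client"], m["verb"], m["target"]))
    return dict(by_ip)

def summarize(by_ip):
    """One row per source: attempt count, verbs, sensitive targets, address scope."""
    rows = []
    for ip, hits in sorted(by_ip.items()):
        addr = ipaddress.ip_address(ip)
        rows.append({
            "ip": ip,
            "attempts": len(hits),
            "verbs": sorted({h[2] for h in hits}),
            "sensitive_targets": sorted({h[3] for h in hits} & SENSITIVE),
            # RFC 1918 source: the log names an internal host or gateway,
            # not an Internet address.
            "internal_source": any(addr in net for net in RFC1918),
        })
    return rows

# First two lines are the ones quoted in the post; the last two are constructed.
SAMPLE_LOG = [
    "Jan 31 11:06:14 mail sendmail[11500]: NOQUEUE: blinky.mydomain.com [192.168.5.5]: EXPN root [rejected]",
    "Jan 31 11:06:14 mail sendmail[11500]: NOQUEUE: blinky.mydomain.com [192.168.5.5]: VRFY root [rejected]",
    "Jan 31 11:09:40 mail sendmail[11533]: NOQUEUE: host.example.net [203.0.113.7]: VRFY webmaster [rejected]",
    "Jan 31 11:10:02 mail sendmail[11540]: NOQUEUE: connect from host.example.net [203.0.113.7]",
]

if __name__ == "__main__":
    for row in summarize(find_probes(SAMPLE_LOG)):
        print(row)
```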
