Postfix Archives: Re: Exploit attempt or spammer?


Subject: Re: Exploit attempt or spammer?
From: Ralf Hildebrandt (R.Hildebrandttu-bs.de)
Date: Mon Jan 24 2000 - 08:29:38 CST


On Mon, Jan 24, 2000 at 08:07:12AM -0600, Joe Laffey wrote:
> Hi,
>
> Does the report below look like someone trying to do a buffer overflow and
> gain access, or what?
Yup.

> Is the line "BUFFER OVERFLOW through:" generated by
> Postfix, or has the person typed that in or what? I would appreciate any
> insight...

It came "In:"

> In: HELO
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
HELO buffer overrun. Exploit of what other MTA??

> In: To: jahoopadupajahoopa.com
> In: From: mickeymouseyahoo.com
> In: Subject: Test work
> In:
> In: BUFFER OVERFLOW through:
> In: 209.74.129.137

Is the text of the message

-- 
Ralf Hildebrandt <R.Hildebrandttu-bs.de> www.stahl.bau.tu-bs.de/~hildeb
  Three servers for the admins under the influence of rye,
  seven routers for the network techs in their halls of stone
  Nine workstations for mortal lusers doomed to die
  One NT box from the dark lord on his throne
  in the land of Redmond where the shadows lie
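
The point made in the reply above (lines marked "In:" were sent by the client, so the "BUFFER OVERFLOW through:" text was typed by the sender and not produced by Postfix) can be checked mechanically. This is an added example, not part of the original message or of Postfix: it assumes the "In:"/"Out:" transcript layout shown in the quoted report, uses a constructed sample session, hypothetical function names, and the 255-octet domain limit from RFC 5321.

```python
import re

MAX_DOMAIN = 255  # RFC 5321 4.5.3.1.2: longest legal domain, in octets
LINE_RE = re.compile(r"^(In|Out):\s?(.*)$")

def parse_transcript(text):
    """Return (direction, payload) pairs; unprefixed lines are treated as
    the wrapped tail of the previous line, as with the HELO argument."""
    events = []
    for raw in text.splitlines():
        line = raw.lstrip("> \t")          # tolerate mail-quoted copies
        m = LINE_RE.match(line)
        if m:
            events.append([m.group(1), m.group(2).rstrip()])
        elif events and line.strip():
            events[-1][1] = (events[-1][1] + " " + line.strip()).strip()
    return [tuple(e) for e in events]

def oversized_helo(text, limit=MAX_DOMAIN):
    """Lengths of client-sent HELO/EHLO arguments longer than limit."""
    hits = []
    for direction, payload in parse_transcript(text):
        m = re.match(r"(?i)(?:HELO|EHLO)\s+(\S+)", payload)
        if direction == "In" and m and len(m.group(1)) > limit:
            hits.append(len(m.group(1)))
    return hits

def origin_of(text, needle):
    """'client' or 'server' for the first line containing needle, else None."""
    for direction, payload in parse_transcript(text):
        if needle in payload:
            return "client" if direction == "In" else "server"
    return None

# Constructed sample session (not the original report), trimmed to the
# lines that matter; hostnames and addresses are documentation placeholders.
SAMPLE = "\n".join([
    "Out: 220 mail.example.com ESMTP",
    "In: HELO",
    "x" * 300,
    "In: Subject: Test work",
    "In:",
    "In: BUFFER OVERFLOW through:",
    "In: 192.0.2.10",
])

if __name__ == "__main__":
    print(oversized_helo(SAMPLE))
    print(origin_of(SAMPLE, "BUFFER OVERFLOW through:"))
```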


