|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Exploit attempt or spammer?
Subject: Re: Exploit attempt or spammer?
From: Russ Allbery (rra
stanford.edu)
Date: Mon Jan 24 2000 - 08:53:26 CST
- Next message: Lutz Jaenicke: "Re: local_recipient_maps"
- Previous message: Wietse Venema: "Re: local_recipient_maps"
- Next in thread: Dan Hollis: "Re: Exploit attempt or spammer?"
- Maybe reply: Russ Allbery: "Re: Exploit attempt or spammer?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Joe Laffey <joelaffeycomputer.com> writes:
> Does the report below look like someone trying to do a buffer overflow
> and gain access, or what?
It's a technique used by spammers to mask the origin of their messages.
It only affects sendmail so far as I know. Older versions of sendmail put
an upper limit on the size of the Received header (obvious and good) and
enforced it by dropping everything after a certain byte count (including
the comments that identify the actual sending host) -- very bad. Fixed in
current versions, but a lot of people are running old sendmail.
-- Russ Allbery (rra
- Next message: Lutz Jaenicke: "Re: local_recipient_maps"
- Previous message: Wietse Venema: "Re: local_recipient_maps"
- Next in thread: Dan Hollis: "Re: Exploit attempt or spammer?"
- Maybe reply: Russ Allbery: "Re: Exploit attempt or spammer?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Mon Jan 24 2000 - 08:57:42 CST