Security Basics mailing list archives
EXPN and VRFY signature
From: "Brown, Tony" <TBrown2 () nmff org>
Date: Thu, 12 Jun 2003 15:38:59 -0500
All, Yesterday, I had 4000+ connections from one of my servers to our name servers. One of the things that I did was cut off mail and connections seemed to have dropped. My mail logs shows: Jun 11 10:03:18 prod sendmail[25805]: NOQUEUE: Null connection from [10.19.3 3.47] Jun 11 10:03:34 prod sendmail[26752]: NOQUEUE: [10.19.33.47]: EXPN root Jun 11 10:03:34 prod sendmail[26877]: NOQUEUE: [10.19.33.47]: VRFY root Jun 11 10:31:39 prod sendmail[13549]: KAA0000013549: lost input channel from [10.19.33.47] Jun 11 10:31:39 prod sendmail[13549]: KAA0000013549: from=blade@lans, size=0 , class=0, pri=0, nrcpts=1, proto=SMTP, relay=[10.19.33.47] Is this the signature of a EXPN and VRFY exploit? Thanks, T. This e-mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged and confidential. If the reader of this e-mail message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is prohibited. If you have received this e-mail in error, please notify the sender and destroy all copies of the transmittal. Thank you. Northwestern Medical Faculty Foundation, Inc. --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- EXPN and VRFY signature Brown, Tony (Jun 12)