Security Incidents mailing list archives
Re: HELO/EHLP attack?.
From: Ryan Yagatich <ryagatich () CSN1 COM>
Date: Fri, 4 Aug 2000 09:58:17 -0400
don't quote me on this but, it looks to me like someone had just connected to the SMTP daemon and just initialized the connection, and then killed it right after. was there anything else in the logs before/after? (like commands that were issued etc...) if not, set your log level up a bit to grab more information and see. ryan -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Lic. Rodolfo Gonzalez Gonzalez Sent: Wednesday, August 02, 2000 1:50 PM To: INCIDENTS () SECURITYFOCUS COM Subject: HELO/EHLP attack?. Hello, I got this in my logs: Jul 31 19:49:46 mail sendmail[5153]: NOQUEUE: [64.41.151.78]: HELO/EHLO attack? This is a remote attack, I guess? (but I'd like to be sure, please). Thanks. Rodolfo.
Current thread:
- HELO/EHLP attack?. Lic. Rodolfo Gonzalez Gonzalez (Aug 03)
- Re: HELO/EHLP attack?. Ryan Yagatich (Aug 04)
- Re: HELO/EHLP attack?. Valdis Kletnieks (Aug 07)
- Re: HELO/EHLP attack?. Michal Zalewski (Aug 07)
- dos from .kr, plus some classic .kr irresponsibility Jason Storm (Aug 07)
- Re: dos from .kr, plus some classic .kr irresponsibility Russell Fulton (Aug 08)
- Re: dos from .kr, plus some classic .kr irresponsibility Maddy (Aug 09)
- Re: dos from .kr, plus some classic .kr irresponsibility Dan Hollis (Aug 09)
- Re: dos from .kr, plus some classic .kr irresponsibility Jose Nazario (Aug 10)
- Re: dos from .kr, plus some classic .kr irresponsibility Dan Hollis (Aug 10)
- Re: dos from .kr, plus some classic .kr irresponsibility Dan Hollis (Aug 10)
- Re: HELO/EHLP attack?. Ryan Yagatich (Aug 04)
- <Possible follow-ups>
- Re: HELO/EHLP attack?. Michal 'CeFeK' Nazarewicz (Aug 08)