[1219] in bugtraq
Re: Suspicious Mail
daemon@ATHENA.MIT.EDU (Dave Horsfall)
Thu Mar 9 20:40:30 1995
Date: Fri, 10 Mar 1995 10:11:29 +1000 (EST)
From: Dave Horsfall <dave@esi.com.au>
To: Bugtraq Mailing List <bugtraq@fc.net>
In-Reply-To: <9503091605.AA09666@sobrino.eui.upm.es>
On Thu, 9 Mar 1995, David Guerrero wrote:
> I'm not sure what is it.... could it be a probing for the recent bug of
> identd in sendmail, or something like this...
No - it's probing for an old bug in Sendmail, which is not to say that
similar bugs still exist if you are still running 4.1.1 SunOS.
> > 550 | sed '1,/^$/d' | sh... Host unknown
Someone is trying to pipe shell commands from the body of the message.
> > Received: from i60s14.ira.uka.de by sobrino.eui.upm.es (4.1/3.1) [...]
You might want to drop a line to the Postmaster at this site; then again,
it could have been forged.
--
Dave Horsfall (VK2KFU) | dave@esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD
