Active System Attack Alerts
Geir Svalland
admin at swedehost.com
Tue Jan 27 09:49:15 PST 2004
Hi everybody.
Got some strange alerts in my logfiles that I need help to interp.
<snip>
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME
Content-Type header field (possible attack)
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME
Content-Type header field (possible attack)
Security Violations
=-=-=-=-=-=-=-=-=-=
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME
Content-Type header field (possible attack)
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME
Content-Type header field (possible attack)
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME
Content-Type header field (possible attack)
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME
Content-Type header field (possible attack)
</snip>
and from my maillog
<snip>
cat maillog | grep "02:12:41"
Jan 27 02:12:41 odin sendmail[46385]: i0R1CbKR046385:
from=<owner-freebsd-questions at freebsd.org>, size=122951, class=-30,
nrcpts=1, msgid=<OLECLEAMDPKEDGIGPPAAOEIACNAA.yvette at dbtgroup.com>,
proto=ESMTP, daemon=IPv4, relay=mx2.freebsd.org [216.136.204.119]
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME
Content-Type header field (possible attack)
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385:
to=<admin at swedehost.com>, delay=00:00:03, xdelay=00:00:00,
mailer=local, pri=207193, relay=local, dsn=2.0.0, stat=Sent
</snip>
Nothing unusual in any other logfiles.
Regards
Hasse.
More information about the freebsd-questions
mailing list