Re: [exim] Re: [exim-dev] buffer overflow?

Author: Subhi S Hashwa
Date:  
To: Peter Bowyer, Exim Users Mailing List, peter
CC: 
Subject: Re: [exim] Re: [exim-dev] buffer overflow?
Saturday, March 12, 2005, 3:41:04 PM, Peter Bowyer wrote:

> No, I'm not sure - nor could anyone be from the log snippet you
> posted. All it shows is an attempt to mail the contents of a passwd
> file. I made an intelligent guess, that's all.


Ah fair enough, the IP shown is not my server, it is some user in
Spain.

> And I've no way of knowing whether that's one of your IPs or not.


> Have you scanned your server for any other signs of intrusion (rootkits etc) ?


I just redownloaded the chkrootkit package from FreeBSD as a binary
package and it gives the all clear. I am about to examine the lsof
output in detail.

But my point is, the content is from my server with incoming
connection from remote server 81.60.208.97/DWM-97-208.go.retevision.es
(/etc/group files and /etc/services) rather than the passwd+master
files.

I get loads of rejected rubbish incoming connections but this one is
by far the most unusual and most likely serious.

-- 
Best regards,
 Subhi S Hashwa                            mailto:lists@subhi.com
 When everything is heading your way, you're in the wrong lane.