[exim] Script kiddies?

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM 
Mike Cardwell at ->
Delete this message
Reply to this message
Author: Ted Cooper
Date:  
To: exim-users
Subject: [exim] Script kiddies?
I've kept an Exim server which lies about its version in the greeting -
4.50 instead of 4.73 - and does nothing but host an obscure domain that
doesn't get any email.

A couple of hours ago it received two connections from an IP address,
both attempted to do nefarious things. The first attempted to use the
mail server as a web proxy - fairly typical. The second connection 5
seconds later though, looks amazingly like the buffer overflow that was
recently brought to light.

This is the first time it has ever had an attempt to exploit the server
instead of just attempted relaying or dictionary attacks. Yes, it leads
a very boring life.

There is the possibility that this has become part of some script kiddie
exploit kit now so there may be more of these attacks against servers
running old versions. Luckily it's not very well written and falls over
fairly quickly.


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] sophie socket error when not using sophieRe: [exim] Script kiddies?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)