[exim] Script kiddies?

Author: Ted Cooper
To: exim-users
Subject: [exim] Script kiddies?
I've kept an Exim server which lies about its version in the greeting -
4.50 instead of 4.73 - and does nothing but host an obscure domain that
doesn't get any email.

A couple of hours ago it received two connections from an IP address,
both of which attempted to do nefarious things. The first attempted to use the
mail server as a web proxy - fairly typical. The second connection 5
seconds later though, looks amazingly like the buffer overflow that was
recently brought to light.

This is the first time it has ever had an attempt to exploit the server
instead of just attempted relaying or dictionary attacks. Yes, it leads
a very boring life.

There is the possibility that this has become part of some script kiddie
exploit kit now so there may be more of these attacks against servers
running old versions. Luckily it's not very well written and falls over
fairly quickly.