[Dshield] Sendmail Overflow

David Sentelle David.Sentelle at cnbcbank.com
Thu Mar 27 14:24:14 GMT 2003

Our IDS service is indicating that I'm getting sendmail overflow exploit attempts from mail2.giac.net.  Here's a sendmail log from about the time this started...

Mar 26 13:57:32 cnbmail sendmail[18511]: h2QGvWnK018511: timeout waiting for input from mail2.giac.NET during message collect
Mar 26 13:57:32 cnbmail sendmail[18511]: h2QGvWnK018511: from=<list-bounces at dshield.org>, size=47269, class=-30, nrcpts=1, msgid=<200303261653.h2QGrxg02384 at viper.incidents.org>, proto=SMTP, daemon=MTA, relay=mail2.giac.NET []
Mar 26 13:57:32 cnbmail sendmail[18511]: h2QGvWnK018511: to=<david.sentelle at cnbcbank.com>, delay=02:00:00, pri=85148, stat=timeout waiting for input during message collect

Is there a problem with the GIAC mailserver, or is normal traffic being misidentified by our IDS service?  If replying to the list, please CC me directly as I may not be able to get email from the list.
