[Dshield] Sendmail Overflow
David.Sentelle at cnbcbank.com
Thu Mar 27 14:24:14 GMT 2003
Our IDS service is indicating that I'm getting sendmail overflow exploit attempts from mail2.giac.net. Here's a sendmail log from about the time this started...

Mar 26 13:57:32 cnbmail sendmail: h2QGvWnK018511: timeout waiting for input from mail2.giac.NET during message collect
Mar 26 13:57:32 cnbmail sendmail: h2QGvWnK018511: from=<list-bounces at dshield.org>, size=47269, class=-30, nrcpts=1, msgid=<200303261653.h2QGrxg02384 at viper.incidents.org>, proto=SMTP, daemon=MTA, relay=mail2.giac.NET [18.104.22.168]
Mar 26 13:57:32 cnbmail sendmail: h2QGvWnK018511: to=<david.sentelle at cnbcbank.com>, delay=02:00:00, pri=85148, stat=timeout waiting for input during message collect

Is there a problem with the GIAC mailserver, or is normal traffic being misidentified by our IDS service? If replying to the list, please CC me directly as I may not be able to get email from the list.

This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which
they are addressed. If you have received this e-mail in error,
please notify admin at cnbcbank.com and delete it from your system.
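
Added example, not part of the original post: a short Python script that groups sendmail log lines by queue ID so the relay, message size and final status of one SMTP session can be set beside the timestamp of an IDS alert. The sample input is the three log lines quoted in the message; the function names are hypothetical.

```python
import re
from collections import defaultdict

# The three log lines quoted in the post, embedded so the script runs offline.
SAMPLE = """\
Mar 26 13:57:32 cnbmail sendmail: h2QGvWnK018511: timeout waiting for input from mail2.giac.NET during message collect
Mar 26 13:57:32 cnbmail sendmail: h2QGvWnK018511: from=<list-bounces at dshield.org>, size=47269, class=-30, nrcpts=1, msgid=<200303261653.h2QGrxg02384 at viper.incidents.org>, proto=SMTP, daemon=MTA, relay=mail2.giac.NET [18.104.22.168]
Mar 26 13:57:32 cnbmail sendmail: h2QGvWnK018511: to=<david.sentelle at cnbcbank.com>, delay=02:00:00, pri=85148, stat=timeout waiting for input during message collect
"""

# timestamp, host, optional [pid], queue ID, remainder of the line
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sendmail(?:\[\d+\])?: (\w+): (.*)$")
# key=value pairs; values in <...> may contain spaces, others run to the next comma
FIELD = re.compile(r"(\w+)=(<[^>]*>|[^,]*)")

def correlate(text):
    """Group log lines by queue ID, merging key=value fields per session."""
    sessions = defaultdict(lambda: {"fields": {}, "notes": [], "times": []})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a sendmail line in the expected shape
        when, _host, qid, rest = m.groups()
        entry = sessions[qid]
        entry["times"].append(when)
        if re.match(r"\w+=", rest):
            for key, value in FIELD.findall(rest):
                entry["fields"][key] = value.strip()
        else:
            entry["notes"].append(rest)  # free-text line such as a timeout notice
    return dict(sessions)

def summarize(sessions):
    """One row per queue ID with the fields useful for comparison with an alert."""
    rows = []
    for qid, entry in sessions.items():
        f = entry["fields"]
        stat = f.get("stat", "")
        rows.append({"qid": qid, "relay": f.get("relay"),
                     "size": int(f.get("size", 0)), "delay": f.get("delay"),
                     "stat": stat, "incomplete": "timeout" in stat.lower()})
    return rows

if __name__ == "__main__":
    for row in summarize(correlate(SAMPLE)):
        print(row)
```
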