On Friday, 17 January 2003 at 10:01:43 -0500, Bill Moran wrote:
> Jim Freeze wrote:
> > Hi:
> > 
> > I got an interesting log report today. 
> > Has anyone seen such messages lately?
> > 
> > Jan 15 12:15:21 rabbit sm-mta[3937]: h0FHFIJI003936: Truncated MIME
> >   Content-Disposition header due to
> >  field size (length = 25) (possible attack)
> > Jan 15 17:33:04 rabbit ftpd[4435]: ANONYMOUS FTP LOGIN REFUSED FROM
> >  pD9E60C0F.dip.t-dialin.net
> > Jan 15 23:59:48 rabbit sm-mta[5210]: h0G4xkJI005209: Truncated MIME
> >  Content-Disposition header due to
> >   field size (length = 22) (possible attack)
> I've seen the "anonymous FTP denied" off and on.  I think that some folks
> just randomly attempt to connect to any FTP server they find in the
> hopes that there's cool stuff there.
> The sm-mta Truncated MIME stuff isn't familiar to me, and it doesn't
> actually seem related (compare the times).  Could be someone with a
> broken mailer? or some sort of bogus MIME header that facilitates
> the propagation of some worm?
> It's probably a cheesy attempt at an "attack".  But it's not blatant
> enough to do much more than note it in case something more serious
> goes wrong.  If you don't have any clients that should be connecting
> from Deutsche Telekom, you can just firewall off that whole subnet.
 Thanks all for the replies. I accept the fact that I am going
 to get the FTP login attempts, I just had never seen the 
 "(possible attack)" in my logs.

 I'm not sure I have anything worth the effort to attempt a break-in. :)

Jim Freeze
Anyone who goes to a psychiatrist ought to have his head examined.
                -- Samuel Goldwyn
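
An added example, not part of the original thread: a small Python triage script that parses the three log entries quoted above and measures the time gap between the ftpd refusal and the sm-mta "(possible attack)" entries, which is the "compare the times" check suggested in the reply. The wrapped log lines are rejoined, the year 2003 is assumed from the message date (syslog omits it), and the function names are hypothetical.

```python
import re
from datetime import datetime

# Log entries from the post, rejoined where the mail client wrapped them.
SAMPLE_LOG = """\
Jan 15 12:15:21 rabbit sm-mta[3937]: h0FHFIJI003936: Truncated MIME Content-Disposition header due to field size (length = 25) (possible attack)
Jan 15 17:33:04 rabbit ftpd[4435]: ANONYMOUS FTP LOGIN REFUSED FROM pD9E60C0F.dip.t-dialin.net
Jan 15 23:59:48 rabbit sm-mta[5210]: h0G4xkJI005209: Truncated MIME Content-Disposition header due to field size (length = 22) (possible attack)
"""

# timestamp, host, program[pid], message
SYSLOG = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([\w-]+)\[(\d+)\]: (.*)$")
TRUNCATED = re.compile(r"^(\w+): Truncated MIME (\S+) header due to field size "
                       r"\(length = (\d+)\) \(possible attack\)$")
FTP_REFUSED = re.compile(r"^ANONYMOUS FTP LOGIN REFUSED FROM (\S+)$")

def parse(log, year=2003):
    """Return one dict per recognised entry; the year is an assumption."""
    events = []
    for line in log.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # not a syslog line, or a wrapped fragment
        stamp, _host, prog, _pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if prog == "sm-mta" and (t := TRUNCATED.match(msg)):
            events.append({"time": when, "kind": "mime_truncated",
                           "queue_id": t.group(1), "header": t.group(2),
                           "length": int(t.group(3))})
        elif prog == "ftpd" and (f := FTP_REFUSED.match(msg)):
            events.append({"time": when, "kind": "ftp_refused",
                           "peer": f.group(1)})
    return events

def nearest_gap_seconds(events, kind_a, kind_b):
    """Smallest gap in seconds between any kind_a and any kind_b event."""
    gaps = [abs((a["time"] - b["time"]).total_seconds())
            for a in events if a["kind"] == kind_a
            for b in events if b["kind"] == kind_b]
    return min(gaps) if gaps else None

if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    for e in evts:
        print(e["time"], e["kind"], e.get("header") or e.get("peer"))
    print("closest ftpd/sm-mta gap (s):",
          nearest_gap_seconds(evts, "ftp_refused", "mime_truncated"))
```

The closest pair is more than five hours apart, and the sm-mta entries carry different queue IDs, so each one belongs to a separate message.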
