Paranoid theory follows.
Your client's system has been breached and the trojan is emailing some
data back to its host, perhaps /etc/passwd.
Like I say, it's a paranoid theory.
Howard.
______________________________________________________
LANNet Computing Associates <http://www.lannet.com.au>
On Thu, 17 Feb 2000, Ian Ward wrote:
> Hi all,
> I run a logcheck program that processes the logs of my (and other) systems.
> A friend received this in the daily summary.
> Can anyone shed any light, or should I go to the sendmail list?
>
> Active System Attack Alerts
> =-=-=-=-=-=-=-=-=-=-=-=-=-=
> Feb 15 08:29:26 firewall1 sendmail[4629]: IAA04627:
> to=<[EMAIL PROTECTED]>, delay=00:06:19, xdelay=00:06:18, mailer=esmtp,
> relay=mailsorter-101.bryant.webtv.net. [209.240.198.91], stat=Deferred:
> Connection timed out with mailsorter-101.bryant.webtv.net.
> Feb 15 08:34:11 firewall1 sendmail[4672]: IAA04627:
> to=<[EMAIL PROTECTED]>, delay=00:11:04, xdelay=00:03:39, mailer=esmtp,
> relay=mailsorter-101.bryant.webtv.net. [209.240.198.91], stat=Sent (OAA17751
> Message accepted for delivery)
>
> --
> SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
> To unsubscribe send email to [EMAIL PROTECTED] with
> unsubscribe in the text
>