Yep, that's what I think. I had a good look through the logs, it just looks
like a normal log entry but with an unfortunate choice of email address.
----- Original Message -----
From: Ken Yap <[EMAIL PROTECTED]>
To: Ian Ward <[EMAIL PROTECTED]>
Sent: Friday, 18 February 2000 9:53 AM
Subject: Re: [SLUG] sendmail security alert
> >Hi all,
> >I run a logcheck program that processes the logs of my(and other)
systems.
> >A friend received this in the daily summary.
> >Can anyone shed any light, or should I go to the sendmail list?
> >
> >Active System Attack Alerts
> >=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >Feb 15 08:29:26 firewall1 sendmail[4629]: IAA04627:
> >to=<[EMAIL PROTECTED]>, delay=00:06:19, xdelay=00:06:18,
mailer=esmtp,
> >relay=mailsorter-101.bryant.webtv.net. [209.240.198.91], stat=Deferred:
> >Connection timed out with mailsorter-101.bryant.webtv.net.
> >Feb 15 08:34:11 firewall1 sendmail[4672]: IAA04627:
> >to=<[EMAIL PROTECTED]>, delay=00:11:04, xdelay=00:03:39,
mailer=esmtp,
> >relay=mailsorter-101.bryant.webtv.net. [209.240.198.91], stat=Sent
(OAA17751
> >Message accepted for delivery)
>
> I think it's a false alarm, the logcheck just latched onto the word
> attack, and somebody has a strange idea for a mail address.
>
--
SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
To unsubscribe send email to [EMAIL PROTECTED] with
unsubscribe in the text
