From owner-freebsd-questions Sun Mar 28 14:30:15 1999 Delivered-To: freebsd-questions@freebsd.org Received: from mta2-rme.xtra.co.nz (mta.xtra.co.nz [203.96.92.3]) by hub.freebsd.org (Postfix) with ESMTP id 4875E153E1 for ; Sun, 28 Mar 1999 14:30:10 -0800 (PST) (envelope-from junkmale@pop3.xtra.co.nz) Received: from wocker ([210.55.164.76]) by mta2-rme.xtra.co.nz (InterMail v04.00.02.07 201-227-108) with SMTP id <19990328223125.VJQP5117602.mta2-rme@wocker>; Mon, 29 Mar 1999 10:31:25 +1200 From: "Dan Langille" Organization: The FreeBSD Diary To: David Martin Date: Mon, 29 Mar 1999 10:29:53 +1200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: help Reply-To: junkmale@xtra.co.nz Cc: freebsd-questions@FreeBSD.ORG In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.01d) Message-Id: <19990328223125.VJQP5117602.mta2-rme@wocker> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 28 Mar 99, at 16:20, David Martin wrote: > Could somebody please tell me what the following line means, i've never > seen it before. It comes from my log files. > > sendmail[13664]: NOQUEUE: Null connection from > > I'm guessing it's a hack attempt, since right above this entry the person > tried to finger and ftp to my box. Not quite a hack, but an attempt to see your mail headers to see what version of sendmail you are running. Using this information they might be able to use a known exploit from an older version of sendmail. Check your www logs too. If all of these connections were within a few seconds of each other, I'd suspect a kiddie script. In which case, I'd post a polite message to the ISP concerned so they can take action. Include the logs excerpts. hth. -- Dan Langille The FreeBSD Diary http://www.FreeBSDDiary.com/freebsd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message