From owner-freebsd-security  Wed Mar  5 12: 9:58 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7AA8A37B410
	for <security@FreeBSD.ORG>; Wed,  5 Mar 2003 12:09:55 -0800 (PST)
Received: from mail.reptiles.org (mail.reptiles.org [198.96.117.157])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C559F43FAF
	for <security@FreeBSD.ORG>; Wed,  5 Mar 2003 12:09:53 -0800 (PST)
	(envelope-from geoffrey@reptiles.org)
Received: from mail.reptiles.org([198.96.117.157]) (856 bytes) by mail.reptiles.org
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <geoffrey@reptiles.org>) 
	id <m18qfD6-000EUSC@mail.reptiles.org>
	for <security@FreeBSD.ORG>; Wed, 5 Mar 2003 15:09:52 -0500 (EST)
	(Smail-3.2.0.115-Pre 2001-Aug-6 #2 built 2002-Nov-19)
Date: Wed, 5 Mar 2003 15:09:52 -0500 (EST)
From: Geoffrey <geoffrey@reptiles.org>
Cc: Mike Tancsa <mike@sentex.net>, <security@FreeBSD.ORG>
Subject: Re: Checking for sendmail attacked (was Re: SA-03:04.sendmail Bin
 Update)
In-Reply-To: <20030305142158.GD17705@madman.celabo.org>
Message-ID: <20030305150921.Y21533-100000@iguana.reptiles.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, 5 Mar 2003, Jacques A. Vidrine wrote:

> On Tue, Mar 04, 2003 at 12:46:38PM -0500, Mike Tancsa wrote:
>
> > Is there a more definitive way to see if someone is actively trying to
> > exploit the issue?
>
> Somehow log the headers?
>
	Evidently snort will do this.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message