Date: Fri, 17 Jan 2003 11:37:15 -0500 From: Jim Freeze <jim@freeze.org> To: Bill Moran <wmoran@potentialtech.com> Cc: FreeBSD Questions <FreeBSD-questions@FreeBSD.org> Subject: Re: Possible attack? Message-ID: <20030117113715.A9541@freeze.org> In-Reply-To: <3E281AD7.6090807@potentialtech.com>; from wmoran@potentialtech.com on Fri, Jan 17, 2003 at 10:01:43AM -0500 References: <20030117093453.A9304@freeze.org> <3E281AD7.6090807@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday, 17 January 2003 at 10:01:43 -0500, Bill Moran wrote: > Jim Freeze wrote: > > Hi: > > > > I got an interesting log report today. > > Has anyone seen such messages lately? > > > > Jan 15 12:15:21 rabbit sm-mta[3937]: h0FHFIJI003936: Truncated MIME > > Content-Disposition header due to > > field size (length = 25) (possible attack) > > Jan 15 17:33:04 rabbit ftpd[4435]: ANONYMOUS FTP LOGIN REFUSED FROM > > pD9E60C0F.dip.t-dialin.net > > Jan 15 23:59:48 rabbit sm-mta[5210]: h0G4xkJI005209: Truncated MIME > > Content-Disposition header due to > > field size (length = 22) (possible attack) > > I've seen the "anonymous FTP denied" off and on. I think that some folks > just randomly attempt to connect to any FTP server they find in the > hopes that there's cool stuff there. > The sm-mta Truncaded MIME stuff isn't familiar to me, and it doesn't > actually seem related (compare the times). Could be someone with a > broken mailer? or some sort of bogus MIME header that facilitates > the propagation of some worm? > It's probably a cheesy attempt at an "attack". But it's not blatent > enough to do much more than note it in case something more serious > goes wrong. If you don't have any clients that should be connecting > from Deutsche TeleKom, you can just firewall off that whole subnet. Thanks all for the replies. I accept the fact that I am going to get the FTP login attempts, I just had never seen the "(possible attack)" in my logs. I'm not sure I have anything worth the effort to attempt a break-in. :) -- Jim Freeze ---------- Anyone who goes to a psychiatrist ought to have his head examined. -- Samuel Goldwyn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030117113715.A9541>