Suspicious Mail Log! (Hacker) from Mike Lutwick on 2000-08-22 (tru64-unix-managers)

From: Mike Lutwick <mlutwick_at_STMARYS.CA>
Date: Mon, 21 Aug 2000 11:00:21 -0300

Take a look at the below mail log. Does this person seem to be trying to
hack the system?? As this person is not a valid user.

> Aug 18 13:45:18 thunder sendmail[10616]: NAA0000010478: to=c, ctladdr=root
(0/1), delay=00:00:04, xdelay=00:00:04, mailer=smtpr,
relay=husky1.stmarys.ca. [140.184.1.1], stat=Sent (2.5.0 Ok.)
> Aug 18 14:31:15 thunder sendmail[16234]: NOQUEUE:
jw152-176.jacqueswhitford.com [198.164.176.152]: vrfy root
> Aug 18 14:31:15 thunder sendmail[16257]: NOQUEUE:
jw152-176.jacqueswhitford.com [198.164.176.152]: expn root
> Aug 18 14:31:16 thunder sendmail[15959]: NOQUEUE:
jw152-176.jacqueswhitford.com [198.164.176.152]: expn decode
> Aug 18 14:31:17 thunder sendmail[16217]: OAA0000016217:
from=<cis_at_cerberus-infosec.co.uk>, size=29, class=0, pri=30029, nrcpts=1,
msgid=<200008181731.OAA0000016217_at_thunder.stmarys.ca>, proto=SMTP,
relay=jw152-176.jacqueswhitford.com [198.164.176.152]
> Aug 18 14:31:19 thunder sendmail[14826]: OAA0000014826: setsender: |root:
invalid or unparseable, received from jw152-176.jacqueswhitford.com
[198.164.176.152]
> Aug 18 14:31:19 thunder sendmail[14826]: OAA0000014826: from=|root,
size=0, class=0, pri=0, nrcpts=0, proto=SMTP,
relay=jw152-176.jacqueswhitford.com [198.164.176.152]
> Aug 18 14:31:19 thunder sendmail[16263]: NOQUEUE: "wiz" command from
jw152-176.jacqueswhitford.com [198.164.176.152] (198.164.176.152)
> Aug 18 14:31:20 thunder sendmail[15854]: OAA0000016217:
to=<scan_at_cerberus-infosec.co.uk>, delay=00:00:04, xdelay=00:00:03,
mailer=smtpr, relay=husky1.stmarys.ca. [140.184.1.1], stat=Sent (2.5.0 Ok.)
> Aug 18 14:31:20 thunder sendmail[16197]: OAA0000016197: |cisscan... Cannot
mail directly to programs
> Aug 18 14:31:21 thunder sendmail[16197]: OAA0000016197: "debug" command
from jw152-176.jacqueswhitford.com [198.164.176.152] (198.164.176.152)
> Aug 18 14:31:21 thunder sendmail[16197]: OAA0000016197:
from=<scan_at_cerberus-infosec.co.uk>, size=0, class=0, pri=0, nrcpts=0,
proto=SMTP, relay=jw152-176.jacqueswhitford.com [198.164.176.152]
> Aug 18 14:37:34 thunder sendmail[16282]: NOQUEUE:
scrosby_at_dns.weblink.nbtel.net [198.164.220.122]: vrfy info
> Aug 18 14:37:37 thunder sendmail[166]: NOQUEUE:
scrosby_at_dns.weblink.nbtel.net [198.164.220.122]: vrfy root
> Aug 18 14:37:48 thunder sendmail[16595]: NOQUEUE:
scrosby_at_dns.weblink.nbtel.net [198.164.220.122]: vrfy admin
> Aug 18 14:37:54 thunder sendmail[31646]: NOQUEUE:
scrosby_at_dns.weblink.nbtel.net [198.164.220.122]: vrfy www
> Aug 18 14:38:00 thunder sendmail[16774]: NOQUEUE:
scrosby_at_dns.weblink.nbtel.net [198.164.220.122]: vrfy system
> Aug 18 14:38:13 thunder sendmail[16573]: NOQUEUE:
scrosby_at_dns.weblink.nbtel.net [198.164.220.122]: EXPN attack?
> Aug 18 14:38:14 thunder sendmail[16286]: NOQUEUE:
scrosby_at_dns.weblink.nbtel.net [198.164.220.122]: expn system
> Aug 18 14:38:28 thunder sendmail[16791]: NOQUEUE:
scrosby_at_dns.weblink.nbtel.net [198.164.220.122]: vrfy ftp
> Aug 18 20:49:30 thunder sendmail[10223]: UAA0000010223: from=nobody,
size=686, class=0, pri=30686, nrcpts=1,
msgid=<200008182349.UAA0000010223_at_thunder.stmarys.ca>,
relay=nobody_at_localhost
> Aug 18 20:49:35 thunder sendmail[10396]: UAA0000010223:
to=cont_ed_at_admin.stmarys.ca, ctladdr=nobody (65534/65534), delay=00:00:05,
xdelay=00:00:05, mailer=smtpr, relay=husky1.stmarys.ca. [140.184.1.1],
stat=Sent (2.5.0 Ok.)
> Aug 18 22:43:57 thunder sendmail[14615]: WAA0000014615: from=nobody,
size=728, class=0, pri=30728, nrcpts=1,
msgid=<200008190143.WAA0000014615_at_thunder.stmarys.ca>,
relay=nobody_at_localhost
> Aug 18 22:44:01 thunder sendmail[14582]: WAA0000014615:
to=cont_ed_at_admin.stmarys.ca, ctladdr=nobody (65534/65534), delay=00:00:04,
xdelay=00:00:04, mailer=smtpr, relay=husky1.stmarys.ca. [140.184.1.1],
stat=Sent (2.5.0 Ok.)
> Aug 18 23:41:12 thunder sendmail[16353]: XAA0000016353: from=GOD, size=7,
class=0, pri=30007, nrcpts=1,
msgid=<200008190240.XAA0000016353_at_thunder.stmarys.ca>, proto=SMTP,
relay=husky1.stmarys.ca [140.184.1.1]
> Aug 18 23:41:17 thunder sendmail[16127]: XAA0000016353: to=,
delay=00:00:23, xdelay=00:00:05, mailer=smtpr, relay=husky1.stmarys.ca.
[140.184.1.1], stat=Sent (2.5.0 Ok.)
> Aug 18 23:42:54 thunder sendmail[16028]: NOQUEUE: Null connection from
mdslppp185.mpls.uswest.net [63.225.152.185]
> Aug 18 23:48:51 thunder sendmail[16390]: XAA0000016390:
from=GOD_at_heaven.com, size=8, class=0, pri=30008, nrcpts=1,
msgid=<200008190248.XAA0000016390_at_thunder.stmarys.ca>, proto=SMTP,
relay=mdslppp185.mpls.uswest.net [63.225.152.185]
> Aug 18 23:48:56 thunder sendmail[14831]: XAA0000016390: to=,
delay=00:00:24, xdelay=00:00:05, mailer=smtpr,
Received on Mon Aug 21 2000 - 14:02:15 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:41 NZDT