November 22nd, 2005, 08:01 AM
Similar to the other thread I posted... this command is odd.
It was run on 2 different honeypots, a month in between each other. This tells me that there must have been some success with this command from attack 1 to attack 2, otherwise... why keep using it?
It's pretty clear that it's probably to test for an open relay, or any mail sending capacity... that much is obvious. This command is odd and broken... I don't understand why this particular command was used! As far as I can tell, it wouldn't work in any environment I've ever worked on. The man page for sendmail provides no help.
What's the colon do?
Where could this work?
That's the command, run at the shell, all one line. Any ideas as to what could be going on?
Thanks, much appreciated.
November 22nd, 2005, 10:43 AM
From what I see here I think you might be dealing with a foreign language version of Sendmail.....
That's a Wild Assed Guess of course.... I'll look into this more when I get to work.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides