Thread: honeyd: smtp & attachments

  1. #1

    honeyd: smtp & attachments

    my server went down because of the power supply.
    so i put a CNAME record in to point to my home machine.
    the ISP did its work very quickly and i deleted the CNAME.
    it had been there for 10 minutes.
    -
    i'm running honeyd at my homie supporting port 25, too.
    -
    ...now i'm receiving a large amount of crap like this
    (it looks like port 25 first got checked by titan.cvpa.usf.edu
    and then a mail was sent from different places containing a pdf file):
    <code>
    --MARK--,"Thu Jul 19 17:06:39 CEST 2007","exchange/SMTP","131.247.128.35","172.16.1.5",30839,25,
    "",
    --ENDMARK--
    --MARK--,"Thu Jul 19 17:12:10 CEST 2007","exchange/SMTP","200.88.42.111","172.16.1.5",3214,25,
    "EHLO 111santiagord12.codetel.net.do
    MAIL FROM:<[email protected]>
    RCPT TO:<[email protected]> (edited)
    DATA
    Received: from PC01 ([112.192.159.159] helo=PC01)
    by 111santiagord12.codetel.net.do ( sendmail 8.13.3/8.13.1) with esmtpa id 1YHEOz-000VPA-qj
    for [email protected] ; Thu, 19 Jul 2007 09:51:24 -0400 (edited)
    Message-ID: <000f01c7ca0b$d6865f90$6f2a58c8@PC01>
    From: "ayman Fegerman" <[email protected]>
    To: [email protected] (edited)
    Subject: Emailing: Rechenschaft86516.pdf
    Date: Thu, 19 Jul 2007 09:50:59 -0400
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_000B_01C7C9EA.4F74BF90"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.3138
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138

    ------=_NextPart_000_000B_01C7C9EA.4F74BF90
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_001_000C_01C7C9EA.4F74BF90"


    ------=_NextPart_001_000C_01C7C9EA.4F74BF90
    Content-Type: text/plain;
    charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable


    The message is ready to be sent with the following file or link =
    attachments:
    Rechenschaft86516.pdf
    ------snap
    </code>

    can you comprehend this or have you got information about the host at usf.edu?
    google doesn't help.

    tnx

    pls ask for full logfile.

    addendum:
    maybe you would be able to identify it by:
    <META content=3D"MSHTML 6.00.2900.3132" name=3DGENERATOR>
    Last edited by stanger; July 19th, 2007 at 05:45 PM. Reason: forgot something ;)
    Industry Kills Music.
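
For triaging a log like the one in the post above, this added example (not part of the original post and not honeyd's own code) splits the --MARK--/--ENDMARK-- records into sessions and separates bare port-25 probes from connections that actually delivered mail. It assumes the record layout is exactly as shown in the post; the sample data, addresses and function names are constructed for illustration.

```python
import csv
import re

# Constructed sample in the --MARK--/--ENDMARK-- layout from the post;
# hosts and addresses are placeholders, not the poster's data.
SAMPLE = '''--MARK--,"Thu Jul 19 17:06:39 CEST 2007","exchange/SMTP","192.0.2.10","172.16.1.5",30839,25,
"",
--ENDMARK--
--MARK--,"Thu Jul 19 17:12:10 CEST 2007","exchange/SMTP","198.51.100.7","172.16.1.5",3214,25,
"EHLO relay.example.net
MAIL FROM:<sender@example.net>
RCPT TO:<postmaster@example.org>
DATA
From: "Some Name" <sender@example.net>
Subject: Emailing: sample123.pdf

attachments:
sample123.pdf
",
--ENDMARK--
'''

RECORD = re.compile(r'--MARK--,(.*?)\n(.*?)--ENDMARK--', re.S)

def first(pattern, text):
    m = re.search(pattern, text, re.M | re.I)
    return m.group(1).strip() if m else None

def parse_sessions(log):
    """Return one dict per logged connection."""
    sessions = []
    for head, body in RECORD.findall(log):
        ts, service, src, dst, sport, dport = next(csv.reader([head]))[:6]
        # The payload is wrapped in quotes but its inner quotes are not
        # escaped, so unwrap it by hand rather than CSV-parsing it.
        body = body.strip().rstrip(',')
        if len(body) >= 2 and body[0] == body[-1] == '"':
            body = body[1:-1]
        sessions.append({
            'time': ts, 'src': src, 'dport': int(dport),
            'probe_only': not body.strip(),  # connected, sent nothing
            'helo': first(r'^(?:EHLO|HELO)\s+(\S+)', body),
            'mail_from': first(r'^MAIL FROM:\s*<([^>]*)>', body),
            'rcpt_to': first(r'^RCPT TO:\s*<([^>]*)>', body),
            'attachment': first(r'^Subject:\s*Emailing:\s*(\S+)', body),
        })
    return sessions

if __name__ == '__main__':
    for s in parse_sessions(SAMPLE):
        print(s)
```

Grouping the result by `src` and `probe_only` shows which hosts only touched the port and which followed up with a delivery attempt.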
