Message-ID: <814b9d5050814105134df7860@mail.gmail.com>
Date: Sun Aug 14 19:42:58 2005
From: milw0rm at gmail.com (milw0rm Inc.)
Subject: IMAP scans? Something going on I should know about?
List of what I have for imapd vulns.
Look both at the Description and Code sections.
http://www.milw0rm.com/search.php?dong=imapd
/str0ke
On 8/14/05, Aditya Deshmukh
<aditya.deshmukh@...ine.gateway.strangled.net> wrote:
> My personal logs for imap scan for last 3 days -
>
> 11/08/2005 10:47:29 IMAP: (Accept) Receiving from 218.47.179.77
> 11/08/2005 10:48:00 IMAP: (Accept) Receiving from 218.47.179.77
> 12/08/2005 10:31:06 IMAP: (Accept) Receiving from 220.224.38.222
> 12/08/2005 14:00:34 IMAP: (Accept) Receiving from 61.155.62.178
> 12/08/2005 14:00:35 IMAP: (Accept) Receiving from 61.155.62.178
> 12/08/2005 14:08:57 IMAP: (Accept) Receiving from 61.155.62.178
> 12/08/2005 14:08:58 IMAP: (Accept) Receiving from 61.155.62.178
> 12/08/2005 19:11:59 IMAP: (Accept) Receiving from 220.224.1.25
> 13/08/2005 07:17:36 IMAP: (Accept) Receiving from 220.224.3.145
> 13/08/2005 12:09:46 IMAP: (Accept) Receiving from 220.224.48.17
> 13/08/2005 13:37:34 IMAP: (Accept) Receiving from 61.155.62.178
> 13/08/2005 13:37:36 IMAP: (Accept) Receiving from 61.155.62.178
> 13/08/2005 13:49:08 IMAP: (Accept) Receiving from 220.224.0.106
> 13/08/2005 17:03:32 IMAP: (Accept) Receiving from 220.224.0.214
> 13/08/2005 17:03:35 IMAP: (Accept) Receiving from 220.224.0.214
> 13/08/2005 18:44:57 IMAP: (Accept) Receiving from 220.224.36.248
> 13/08/2005 18:45:00 IMAP: (Accept) Receiving from 220.224.36.248
> 13/08/2005 22:23:22 IMAP: (Accept) Receiving from 220.224.21.178
> 13/08/2005 22:53:11 IMAP: (Accept) Receiving from 220.224.0.173
> 13/08/2005 22:53:14 IMAP: (Accept) Receiving from 220.224.0.173
> 14/08/2005 01:38:45 IMAP: (Accept) Receiving from 220.224.17.140
> 14/08/2005 01:38:47 IMAP: (Accept) Receiving from 220.224.17.140
> 14/08/2005 11:39:52 IMAP: (Accept) Receiving from 61.155.62.178
> 14/08/2005 11:39:53 IMAP: (Accept) Receiving from 61.155.62.178
> 14/08/2005 11:45:31 IMAP: (Accept) Receiving from 58.1.64.17
> 14/08/2005 11:45:33 IMAP: (Accept) Receiving from 58.1.64.17
> 14/08/2005 13:07:19 IMAP: (Accept) Receiving from 220.224.2.50
> 14/08/2005 13:07:29 IMAP: (Accept) Receiving from 220.224.2.50
> 14/08/2005 15:08:35 IMAP: (Accept) Receiving from 220.224.41.75
> 14/08/2005 16:40:42 IMAP: (Accept) Receiving from 220.175.143.169
> 14/08/2005 16:40:44 IMAP: (Accept) Receiving from 220.175.143.169
> 14/08/2005 16:42:02 IMAP: (Accept) Receiving from 220.224.11.220
> 14/08/2005 16:42:10 IMAP: (Accept) Receiving from 220.224.11.220
> 14/08/2005 17:19:17 IMAP: (Accept) Receiving from 220.224.42.213
> 14/08/2005 21:58:15 IMAP: (Accept) Receiving from 219.65.238.37
> 14/08/2005 21:58:18 IMAP: (Accept) Receiving from 219.65.238.37
>
> > Anything going on out there that I've missed? Thanks!
>
> I would like to know: is there some IMAP exploit floating about?
> I am trying to get a packet dump; I will post it as soon as I get one.
> I have set the next alert to be logged with the packet dump.
>
> Can anyone else also get a packet dump for correlation?
>
> - Aditya
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
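A triage sketch for the kind of accept log quoted in this thread, added here as an example and not part of either poster's message: it parses that line format and reports, per source, the hit count, distinct days and back-to-back connections, and groups sources by network. The sample lines are constructed (documentation address ranges); the function names, the 5-second burst window and the /24 grouping are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Quoted log format: "DD/MM/YYYY HH:MM:SS IMAP: (Accept) Receiving from <IPv4>"
LINE_RE = re.compile(
    r"^(?:>\s*)*(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) IMAP: \(Accept\) "
    r"Receiving from (\d{1,3}(?:\.\d{1,3}){3})\s*$")

# Constructed sample lines in that format (documentation ranges, not real sources).
SAMPLE_LOG = """\
> 11/08/2005 10:47:29 IMAP: (Accept) Receiving from 192.0.2.77
> 11/08/2005 10:48:00 IMAP: (Accept) Receiving from 192.0.2.77
> 12/08/2005 14:00:34 IMAP: (Accept) Receiving from 198.51.100.178
> 12/08/2005 14:00:35 IMAP: (Accept) Receiving from 198.51.100.178
> 13/08/2005 07:17:36 IMAP: (Accept) Receiving from 203.0.113.145
> 13/08/2005 13:37:34 IMAP: (Accept) Receiving from 198.51.100.178
> 13/08/2005 13:49:08 IMAP: (Accept) Receiving from 203.0.113.106
> 14/08/2005 11:39:52 IMAP: (Accept) Receiving from 198.51.100.178
> this line is not a log entry
"""

def parse(text):
    """Yield (timestamp, source_ip) for each line that matches the log format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S"), m.group(2)

def summarize(text, burst=timedelta(seconds=5), prefix_len=24):
    """Per-source hits, active days and rapid repeats, plus sources per network."""
    hits = defaultdict(list)
    for ts, ip in parse(text):
        hits[ip].append(ts)
    sources, networks = {}, defaultdict(set)
    for ip, stamps in hits.items():
        stamps.sort()
        bursts = sum(1 for a, b in zip(stamps, stamps[1:]) if b - a <= burst)
        sources[ip] = {"hits": len(stamps),
                       "days": len({t.date() for t in stamps}),
                       "bursts": bursts}
        networks[str(ip_network(f"{ip}/{prefix_len}", strict=False))].add(ip)
    return sources, {n: sorted(ips) for n, ips in networks.items()}

def recurring(sources, min_days=2):
    """Sources seen on at least min_days distinct days (repeat visitors)."""
    return sorted(ip for ip, s in sources.items() if s["days"] >= min_days)
```

Sources that recur across days or cluster in one network are the ones worth pairing with a packet capture when comparing notes with other sites.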