Internet Security Systems

SMTP DEBUG command

advICE : Intrusions : 2001002
Summary

Somebody is probably running a vulnerability scanner against your system.

Details

In 1988, the Morris worm took down the Internet. One of the ways the worm propagated was through the sendmail program. Sendmail supported a non-standard command called "DEBUG" that would allow anybody to take over the server. The Morris worm automated this process in order to spread throughout most of the sendmail systems on the Internet.

These days, it is improbable that you'll find any of these old sendmail servers on the network. Therefore, this alert usually indicates that somebody is running a broad-spectrum vulnerability scanner against the target system.

False positives

Sometimes the system gets slightly out of sync with the TCP connection when it experiences heavy packet loss, and may incorrectly trigger on the DEBUG command.

For example, if you run the server version of the product on a 486 system that processes large amounts of e-mail, such desynchronization can occur.
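As an added illustration (not ISS code and not part of the original page), the sketch below reports DEBUG only when it is the verb of an SMTP command, and shows how losing the client's DATA line, one way a sensor could fall out of sync, makes a message-body line look like the command. The function name, the sample sessions and the client-side-only view of the stream are assumptions.

```python
# Added example: stateful detection of the SMTP DEBUG verb in a client stream.
# Assumption: only client-to-server lines are inspected; server replies are ignored.

def find_debug_commands(client_lines):
    """Return 1-based line numbers where DEBUG appears as an SMTP command verb.

    Tracks whether the client is in the command phase or inside a DATA body,
    so message text that merely starts with "debug" is not reported.
    """
    hits = []
    in_data = False
    for lineno, raw in enumerate(client_lines, start=1):
        line = raw.rstrip("\r\n")
        if in_data:
            # A line holding only "." terminates the message body.
            if line == ".":
                in_data = False
            continue
        parts = line.split(None, 1)
        verb = parts[0].upper() if parts else ""
        if verb == "DATA":
            in_data = True          # following lines are message content
        elif verb == "DEBUG":
            hits.append(lineno)     # DEBUG issued as a command
    return hits

# Constructed session 1: a scanner-style probe sending DEBUG as a command.
PROBE = ["HELO scanner.example\r\n", "DEBUG\r\n", "QUIT\r\n"]

# Constructed session 2: ordinary mail whose body has a line starting "debug".
MAIL = [
    "HELO mail.example\r\n",
    "MAIL FROM:<dev@example.org>\r\n",
    "RCPT TO:<ops@example.org>\r\n",
    "DATA\r\n",
    "Subject: build log\r\n",
    "\r\n",
    "debug output is attached\r\n",
    ".\r\n",
    "QUIT\r\n",
]

# Session 2 as seen by a sensor that never received the DATA line (simulated loss).
LOSSY = [l for l in MAIL if l != "DATA\r\n"]

if __name__ == "__main__":
    for name, s in (("probe", PROBE), ("mail", MAIL), ("lossy", LOSSY)):
        print(name, find_debug_commands(s))
```

With the full stream the body line is ignored; with the DATA line missing, the same body line is reported, which is the kind of alert worth checking against mail-server logs before treating it as a scan.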

Vulnerable Systems

Sendmail/5.5.8

More information

BugtraqID: 1   Berkeley Sendmail DEBUG Vulnerability
CA-88.01.ftpd.hole
advICE: sendmail
CVE-1999-0095   DEBUG command in Sendmail allows attackers to execute commands as root
smtp-debug
CERT: CA-88.01
CERT: CA-93.14
 
Version appeared:  
