[Nolug] Security problem?

From: Chuck <ohchucki_at_bellsouth.net>
Date: Thu, 17 Oct 2002 11:13:04 -0500
Message-ID: <00d501c275f8$12d58ec0$0200a8c0@dell>

I have a Linux machine connected directly to the internet which is
running qmail. The other day I got a bounced bounce message to some
e-mail address at yahoo.com. I have no idea who this person is. Anyone
familiar with how this person got this e-mail message sent and how they
managed to insert details about my machine into the e-mail? I don't have
an open mail relay.

--- Below this line is a copy of the message.

Return-Path: <anonymous@michoud.com>
Received: (qmail 21624 invoked by uid 48); 13 Oct 2002 23:38:52 -0000
Date: 13 Oct 2002 23:38:52 -0000
Message-ID: <20021013233852.21622.qmail@michoud.com>
From: anonymous@michoud.com
To: cinik_worm@yahoo.com
Subject: 192.168.0.1

PROC
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 7
model name : Pentium III (Katmai)
stepping : 3
cpu MHz : 598.406
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca
cmov pat pse36 mmx fxsr sse
bogomips : 1192.75

MEM
             total used free shared buffers
cached
Mem: 384468 380912 3556 72 144292
119916
-/+ buffers/cache: 116704 267764
Swap: 1565376 0 1565376
HDD
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 2.2G 1.5G 668M 69% /
/dev/hda1 49M 5.9M 41M 13% /boot
/dev/hdb1 15G 6.4G 8.0G 45% /home
/dev/hdb2 2.9G 534M 2.2G 20% /var
none 188M 0 187M 0% /dev/shm
IP
eth0 Link encap:Ethernet HWaddr 00:E0:29:06:BC:BF
          inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:928799 errors:1 dropped:0 overruns:0 frame:0
          TX packets:820862 errors:3 dropped:0 overruns:0 carrier:3
          collisions:0 txqueuelen:100
          RX bytes:117780318 (112.3 Mb) TX bytes:293833047 (280.2 Mb)
          Interrupt:9

eth1 Link encap:Ethernet HWaddr 00:10:4B:DA:2A:17
          inet addr:66.157.2.42 Bcast:66.157.3.255 Mask:255.255.252.0
          UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1
          RX packets:754829 errors:0 dropped:0 overruns:0 frame:0
          TX packets:870938 errors:0 dropped:0 overruns:0 carrier:0
          collisions:67 txqueuelen:100
          RX bytes:230141475 (219.4 Mb) TX bytes:107115112 (102.1 Mb)
          Interrupt:5 Base address:0x280 DMA chan:3

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

___________________
Nolug mailing list
nolug@nolug.org
Received on 10/17/02

This archive was generated by hypermail 2.2.0 : 12/19/08 EST