2 Nov
2023
2 Nov
'23
22:05
On 11/2/23 13:10, Bob Rogers wrote:
The fact that some of the bytes are printable ASCII does not mean that this is not shellcode.
Agreed, but the fact that it contains nul-characters does prevent it from being shell-code. It's strange. I'll have to search harder to see what Posfix is actually reporting and what all it does with the unexpected pipeline. The activity is definitely up in the past week. No successful intrusions yet, but many from LATNIC, normal from RIPE and a smattering from ARIN and US addresses. There is some new CVE being targeted I haven't clued into yet. But with this many new attempts targeting mail in particular, as Sherlock Holmes would say "the game is afoot". -- David C. Rankin, J.D.,P.E.