'; echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "www.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "www.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "www.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "www.hp-telecom.com") { echo ''; echo 'hp-telecom'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

SMTP Attack (Attack ID:500028)

Release Date:2009-09-27

Attack Name:Expn root

OS Type:Linux Unix

Application Type

Severity:Warning

BUG ID

CVE ID

 

Description

This event is generated when an attempt is made to expand the alias of root on a Sendmail server.

An attacker may probe for email addresses associated with the alias of root on a Sendmail server. The 'expn' command expands the alias into a list of actual recipients associated with the alias. This command can be used to determine who reads the mail sent to the administrator. It may be used by spammers to get valid email accounts or may be used to discover valid accounts on the Sendmail server.

Impact:
Reconnaissance. This is an attempt to discover email addresses associated with the alias of root for a Sendmail server.

Affected Systems:
Versions of Sendmail that do not disable expn.

Additional References:
http://www.osvdb.org/12551
http://www.whitehats.com/info/IDS31
http://cgi.nessus.org/plugins/dump.php3?id=10249

 

Solution

Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.