From: "edwin chan"
Sender: owner-freebsd-security@FreeBSD.ORG
Subject: when mail full /tmp partition, system cracked
Date: Thu, 6 Sep 2001 21:12:16 +0800

Yesterday, one of our staff was taken down by the "sircam" virus (worm); his computer sent many, many mails to all of us. So the many evil mails filled the file system partition (/var).

Our mail server died. We could only ping the box, but telnet, ssh, web, mysql, etc. all died; no one could log in or do anything on the box.

Finally, we rebooted the box. We found these messages in the log:

Sep 5 21:00:33 www /kernel: swap_pager: out of swap space
Sep 5 21:00:33 www /kernel: swap_pager_getswapspace: failed

We know logs/mails/mysql-data are stored in the /var partition. Which process crashed the box? Or can just a full /var crash my box?

edwin chen