Date: Sun, 19 Sep 1999 20:31:08 -0400 (EDT) From: "Mr. K." <bsd@a.servers.aozilla.com> To: security@freebsd.org Subject: hackers? Message-ID: <Pine.BSF.4.10.9909192027150.5171-100000@inbox.org>
next in thread | raw e-mail | index | archive | help
I've just recently upgraded to sendmail 8.9, as my host was being used as a mail relay. I think I am now under some kind of attack. When I do a ps -x I get the following listings: 3814 ?? S 0:00.01 sendmail: server ABD8FFB5.ipt.aol.com [171.216.255.181] child wait (sendmail) 3816 ?? I 0:00.02 sendmail: server ABD8FFB5.ipt.aol.com [171.216.255.181] cmd read (sendmail) 3829 ?? I 0:00.01 sendmail: server ABD4F010.ipt.aol.com [171.212.240.16] child wait (sendmail) 3832 ?? I 0:00.02 sendmail: server ABD4F010.ipt.aol.com [171.212.240.16] cmd read (sendmail) 3839 ?? I 0:00.01 sendmail: server 98AC79DB.ipt.aol.com [152.172.121.219] child wait (sendmail) 3843 ?? I 0:00.02 sendmail: server 98AC79DB.ipt.aol.com [152.172.121.219] cmd read (sendmail) 3855 ?? I 0:00.01 sendmail: server ABD8452B.ipt.aol.com [171.216.69.43] child wait (sendmail) 3856 ?? I 0:00.02 sendmail: server ABD8452B.ipt.aol.com [171.216.69.43] cmd read (sendmail) 3858 ?? I 0:00.01 sendmail: server 98CB05B2.ipt.aol.com [152.203.5.178] child wait (sendmail) 3859 ?? I 0:00.02 sendmail: server 98CB05B2.ipt.aol.com [152.203.5.178] cmd read (sendmail) 3863 ?? I 0:00.01 sendmail: server ABD57D59.ipt.aol.com [171.213.125.89] child wait (sendmail) 3866 ?? I 0:00.02 sendmail: server ABD57D59.ipt.aol.com [171.213.125.89] cmd read (sendmail) 3899 ?? I 0:00.01 sendmail: server dialup-209.245.42.236.SanDiego1.Level3.net [209.245.42.236] chi 3900 ?? I 0:00.02 sendmail: server dialup-209.245.42.236.SanDiego1.Level3.net [209.245.42.236] cmd 3919 ?? I 0:00.01 sendmail: server 98A6ACF8.ipt.aol.com [152.166.172.248] child wait (sendmail) 3921 ?? I 0:00.02 sendmail: server 98A6ACF8.ipt.aol.com [152.166.172.248] cmd read (sendmail) 3933 ?? I 0:00.01 sendmail: server ABD8F59A.ipt.aol.com [171.216.245.154] child wait (sendmail) 3934 ?? I 0:00.02 sendmail: server ABD8F59A.ipt.aol.com [171.216.245.154] cmd read (sendmail) 3965 ?? I 0:00.01 sendmail: server ABD1158F.ipt.aol.com [171.209.21.143] child wait (sendmail) 3968 ?? I 0:00.02 sendmail: server ABD1158F.ipt.aol.com [171.209.21.143] cmd read (sendmail) 3979 ?? I 0:00.01 sendmail: server dlp61.wilm.eri.net [207.90.108.189] child wait (sendmail) 3980 ?? I 0:00.01 sendmail: server dlp61.wilm.eri.net [207.90.108.189] cmd read (sendmail) 3982 ?? I 0:00.01 sendmail: server 98AD84A0.ipt.aol.com [152.173.132.160] child wait (sendmail) 3983 ?? I 0:00.02 sendmail: server 98AD84A0.ipt.aol.com [152.173.132.160] cmd read (sendmail) 4046 ?? I 0:00.01 sendmail: server ABD306AA.ipt.aol.com [171.211.6.170] child wait (sendmail) 4047 ?? I 0:00.02 sendmail: server ABD306AA.ipt.aol.com [171.211.6.170] cmd read (sendmail) 4256 ?? I 0:00.01 sendmail: server 98AEC8C1.ipt.aol.com [152.174.200.193] child wait (sendmail) 4258 ?? I 0:00.02 sendmail: server 98AEC8C1.ipt.aol.com [152.174.200.193] cmd read (sendmail) 4274 ?? I 0:00.01 sendmail: server 98CE2C1D.ipt.aol.com [152.206.44.29] child wait (sendmail) 4277 ?? I 0:00.02 sendmail: server 98CE2C1D.ipt.aol.com [152.206.44.29] cmd read (sendmail) 4287 ?? I 0:00.01 sendmail: server ABD857C8.ipt.aol.com [171.216.87.200] child wait (sendmail) 4288 ?? I 0:00.02 sendmail: server ABD857C8.ipt.aol.com [171.216.87.200] cmd read (sendmail) 4328 ?? I 0:00.01 sendmail: server 98C8972D.ipt.aol.com [152.200.151.45] child wait (sendmail) 4329 ?? I 0:00.02 sendmail: server 98C8972D.ipt.aol.com [152.200.151.45] cmd read (sendmail) 4361 ?? I 0:00.01 sendmail: server 98CC072E.ipt.aol.com [152.204.7.46] child wait (sendmail) 4362 ?? I 0:00.02 sendmail: server 98CC072E.ipt.aol.com [152.204.7.46] cmd read (sendmail) 4364 ?? I 0:00.01 sendmail: server 98A68AEA.ipt.aol.com [152.166.138.234] child wait (sendmail) 4367 ?? I 0:00.02 sendmail: server 98A68AEA.ipt.aol.com [152.166.138.234] cmd read (sendmail) 4369 ?? I 0:00.01 sendmail: server 98CD50D8.ipt.aol.com [152.205.80.216] child wait (sendmail) 4370 ?? I 0:00.02 sendmail: server 98CD50D8.ipt.aol.com [152.205.80.216] cmd read (sendmail) 4471 ?? I 0:00.01 sendmail: server ABD028A4.ipt.aol.com [171.208.40.164] child wait (sendmail) 4472 ?? I 0:00.01 sendmail: server ABD028A4.ipt.aol.com [171.208.40.164] child wait (sendmail) 4473 ?? I 0:00.01 sendmail: server ABD028A4.ipt.aol.com [171.208.40.164] child wait (sendmail) 4474 ?? I 0:00.02 sendmail: server ABD028A4.ipt.aol.com [171.208.40.164] cmd read (sendmail) 4475 ?? I 0:00.02 sendmail: server ABD028A4.ipt.aol.com [171.208.40.164] cmd read (sendmail) 4476 ?? I 0:00.02 sendmail: server ABD028A4.ipt.aol.com [171.208.40.164] cmd read (sendmail) 4507 ?? I 0:00.01 sendmail: server ABD86D5D.ipt.aol.com [171.216.109.93] child wait (sendmail) 4508 ?? I 0:00.02 sendmail: server ABD86D5D.ipt.aol.com [171.216.109.93] cmd read (sendmail) 4510 ?? I 0:00.01 sendmail: server ABD96F8E.ipt.aol.com [171.217.111.142] child wait (sendmail) 4511 ?? I 0:00.02 sendmail: server ABD96F8E.ipt.aol.com [171.217.111.142] cmd read (sendmail) 4525 ?? I 0:00.01 sendmail: server 98A9E892.ipt.aol.com [152.169.232.146] child wait (sendmail) 4526 ?? I 0:00.01 sendmail: server 98A9E892.ipt.aol.com [152.169.232.146] child wait (sendmail) 4527 ?? I 0:00.02 sendmail: server 98A9E892.ipt.aol.com [152.169.232.146] cmd read (sendmail) 4528 ?? I 0:00.02 sendmail: server 98A9E892.ipt.aol.com [152.169.232.146] cmd read (sendmail) 4529 ?? I 0:00.01 sendmail: server ABD96E5D.ipt.aol.com [171.217.110.93] child wait (sendmail) 4530 ?? I 0:00.02 sendmail: server ABD96E5D.ipt.aol.com [171.217.110.93] cmd read (sendmail) 4564 ?? I 0:00.01 sendmail: server dialup-209.245.41.221.SanDiego1.Level3.net [209.245.41.221] chi 4565 ?? I 0:00.02 sendmail: server dialup-209.245.41.221.SanDiego1.Level3.net [209.245.41.221] cmd 4602 ?? I 0:00.01 sendmail: server ABD6CDDE.ipt.aol.com [171.214.205.222] child wait (sendmail) 4603 ?? I 0:00.02 sendmail: server ABD6CDDE.ipt.aol.com [171.214.205.222] cmd read (sendmail) 4637 ?? I 0:00.01 sendmail: server 98A68AEA.ipt.aol.com [152.166.138.234] child wait (sendmail) 4638 ?? I 0:00.02 sendmail: server 98A68AEA.ipt.aol.com [152.166.138.234] cmd read (sendmail) 4646 ?? I 0:00.01 sendmail: server ABD78E3B.ipt.aol.com [171.215.142.59] child wait (sendmail) 4647 ?? I 0:00.02 sendmail: server ABD78E3B.ipt.aol.com [171.215.142.59] cmd read (sendmail) 4652 ?? I 0:00.01 sendmail: server 98CD01D6.ipt.aol.com [152.205.1.214] child wait (sendmail) 4653 ?? I 0:00.02 sendmail: server 98CD01D6.ipt.aol.com [152.205.1.214] cmd read (sendmail) 4666 ?? I 0:00.01 sendmail: server 98CD0B4A.ipt.aol.com [152.205.11.74] child wait (sendmail) 4667 ?? I 0:00.01 sendmail: server 98CD0B4A.ipt.aol.com [152.205.11.74] child wait (sendmail) 4671 ?? I 0:00.02 sendmail: server 98CD0B4A.ipt.aol.com [152.205.11.74] cmd read (sendmail) 4672 ?? I 0:00.02 sendmail: server 98CD0B4A.ipt.aol.com [152.205.11.74] cmd read (sendmail) 4695 ?? I 0:00.01 sendmail: server cc405899-a.brick1.nj.home.com [24.6.84.63] child wait (sendmail 4696 ?? I 0:00.01 sendmail: server cc405899-a.brick1.nj.home.com [24.6.84.63] child wait (sendmail 4697 ?? I 0:00.02 sendmail: server cc405899-a.brick1.nj.home.com [24.6.84.63] cmd read (sendmail) 4698 ?? I 0:00.02 sendmail: server cc405899-a.brick1.nj.home.com [24.6.84.63] cmd read (sendmail) 4700 ?? I 0:00.01 sendmail: server 98A68AEA.ipt.aol.com [152.166.138.234] child wait (sendmail) 4701 ?? I 0:00.02 sendmail: server 98A68AEA.ipt.aol.com [152.166.138.234] cmd read (sendmail) 4709 ?? I 0:00.01 sendmail: server 98CD4F2A.ipt.aol.com [152.205.79.42] child wait (sendmail) 4711 ?? I 0:00.02 sendmail: server 98CD4F2A.ipt.aol.com [152.205.79.42] cmd read (sendmail) 4801 ?? I 0:00.01 sendmail: server 98A72163.ipt.aol.com [152.167.33.99] child wait (sendmail) 4802 ?? I 0:00.02 sendmail: server 98A72163.ipt.aol.com [152.167.33.99] cmd read (sendmail) 4830 ?? I 0:00.01 sendmail: server ABD605BD.ipt.aol.com [171.214.5.189] child wait (sendmail) 4831 ?? I 0:00.02 sendmail: server ABD605BD.ipt.aol.com [171.214.5.189] cmd read (sendmail) 4839 ?? I 0:00.01 sendmail: server cc353189-a.owml1.md.home.com [24.3.39.239] child wait (sendmail 4840 ?? I 0:00.02 sendmail: server cc353189-a.owml1.md.home.com [24.3.39.239] cmd read (sendmail) 4845 ?? I 0:00.01 sendmail: server 98C992C9.ipt.aol.com [152.201.146.201] child wait (sendmail) 4846 ?? I 0:00.01 sendmail: server 98C992C9.ipt.aol.com [152.201.146.201] child wait (sendmail) 4847 ?? I 0:00.01 sendmail: server 98C992C9.ipt.aol.com [152.201.146.201] child wait (sendmail) 4848 ?? I 0:00.01 sendmail: server 98C992C9.ipt.aol.com [152.201.146.201] child wait (sendmail) 4849 ?? I 0:00.02 sendmail: server 98C992C9.ipt.aol.com [152.201.146.201] cmd read (sendmail) 4850 ?? I 0:00.02 sendmail: server 98C992C9.ipt.aol.com [152.201.146.201] cmd read (sendmail) 4851 ?? I 0:00.02 sendmail: server 98C992C9.ipt.aol.com [152.201.146.201] cmd read (sendmail) 4852 ?? I 0:00.02 sendmail: server 98C992C9.ipt.aol.com [152.201.146.201] cmd read (sendmail) 4860 ?? S 0:00.59 /usr/local/sbin/sshd (sshd1) 4896 ?? I 0:00.01 sendmail: server 98CD742E.ipt.aol.com [152.205.116.46] child wait (sendmail) 4897 ?? I 0:00.02 sendmail: server 98CD742E.ipt.aol.com [152.205.116.46] cmd read (sendmail) 4904 ?? I 0:00.01 sendmail: server 98ADEA9D.ipt.aol.com [152.173.234.157] child wait (sendmail) 4905 ?? I 0:00.02 sendmail: server 98ADEA9D.ipt.aol.com [152.173.234.157] cmd read (sendmail) 4906 ?? I 0:00.01 sendmail: server 98A9848F.ipt.aol.com [152.169.132.143] child wait (sendmail) 4907 ?? I 0:00.02 sendmail: server 98A9848F.ipt.aol.com [152.169.132.143] cmd read (sendmail) 4918 ?? I 0:00.01 sendmail: server ABD4D9A4.ipt.aol.com [171.212.217.164] child wait (sendmail) 4919 ?? I 0:00.02 sendmail: server ABD4D9A4.ipt.aol.com [171.212.217.164] cmd read (sendmail) 5034 ?? I 0:00.01 sendmail: server host92.iline.com [207.30.115.92] child wait (sendmail) 5036 ?? I 0:00.02 sendmail: server host92.iline.com [207.30.115.92] cmd read (sendmail) 5055 ?? I 0:00.01 sendmail: server 98CB1D1B.ipt.aol.com [152.203.29.27] child wait (sendmail) 5057 ?? I 0:00.02 sendmail: server 98CB1D1B.ipt.aol.com [152.203.29.27] cmd read (sendmail) 5089 ?? I 0:00.01 sendmail: server ABD9AEE0.ipt.aol.com [171.217.174.224] child wait (sendmail) 5090 ?? I 0:00.02 sendmail: server ABD9AEE0.ipt.aol.com [171.217.174.224] cmd read (sendmail) 5091 ?? I 0:00.01 sendmail: server 98A7BAF4.ipt.aol.com [152.167.186.244] child wait (sendmail) 5092 ?? I 0:00.02 sendmail: server 98A7BAF4.ipt.aol.com [152.167.186.244] cmd read (sendmail) 5097 ?? I 0:00.01 sendmail: server 98A73695.ipt.aol.com [152.167.54.149] child wait (sendmail) 5098 ?? I 0:00.02 sendmail: server 98A73695.ipt.aol.com [152.167.54.149] cmd read (sendmail) 5114 ?? I 0:00.01 sendmail: server 98CD4F2A.ipt.aol.com [152.205.79.42] child wait (sendmail) 5115 ?? I 0:00.02 sendmail: server 98CD4F2A.ipt.aol.com [152.205.79.42] cmd read (sendmail) 5116 ?? I 0:00.01 sendmail: server 98AA2318.ipt.aol.com [152.170.35.24] child wait (sendmail) 5117 ?? I 0:00.02 sendmail: server 98AA2318.ipt.aol.com [152.170.35.24] cmd read (sendmail) 5137 ?? I 0:00.01 sendmail: server ABD15CDE.ipt.aol.com [171.209.92.222] child wait (sendmail) 5138 ?? I 0:00.02 sendmail: server ABD15CDE.ipt.aol.com [171.209.92.222] cmd read (sendmail) 5149 ?? I 0:00.01 sendmail: server 98C992C9.ipt.aol.com [152.201.146.201] child wait (sendmail) 5150 ?? I 0:00.02 sendmail: server 98C992C9.ipt.aol.com [152.201.146.201] cmd read (sendmail) 5158 ?? I 0:00.01 sendmail: server p359.gnt.com [204.49.91.167] child wait (sendmail) 5159 ?? I 0:00.02 sendmail: server p359.gnt.com [204.49.91.167] cmd read (sendmail) 5172 ?? I 0:00.01 sendmail: server pm4-249.dialup.flinet.com [208.14.24.249] child wait (sendmail) 5173 ?? I 0:00.02 sendmail: server pm4-249.dialup.flinet.com [208.14.24.249] cmd read (sendmail) Is there anything I can do to stop this? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9909192027150.5171-100000>