Date: Tue, 21 Sep 1999 14:52:42 -0400
From: "Joe Gleason" <freebsd.list@bug.tasam.com>
To: "Mr. K." <bsd@a.servers.aozilla.com>, <security@FreeBSD.ORG>
Subject: Re: hackers?
Message-ID: <001501bf0462$94adfdc0$256b52c6@tasam.com>
References: <Pine.BSF.4.10.9909192027150.5171-100000@inbox.org>

I would suspect spamming through your system. Run mailq and see what it says.
http://www.sendmail.org/ has lots of info about configuring sendmail to deny
such relaying....

Also, you might want to look in /var/spool/mqueue and open a few files to see
what is actually occurring and figure out why your server is agreeing to relay
it.

Joe Gleason
Tasam

----- Original Message -----
From: Mr. K. <bsd@a.servers.aozilla.com>
To: <security@FreeBSD.ORG>
Sent: Sunday, September 19, 1999 20:31
Subject: hackers?

> I've just recently upgraded to sendmail 8.9, as my host was being used as
> a mail relay. I think I am now under some kind of attack. When I do a ps
> -x I get the following listings:
>
> Is there anything I can do to stop this?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
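One way to triage a `ps -x` listing like the one the quoted message describes, alongside the mailq and /var/spool/mqueue checks suggested in the reply. This is an added example, not part of the original thread: the function names are hypothetical and the sample lines are constructed in the "sendmail: server HOST [IP] STATE" process-title format, with made-up PIDs and documentation addresses.

```shell
# Added example: group sendmail SMTP-server children from `ps -x` output
# by remote address and state. Sample lines are constructed (made-up PIDs,
# documentation addresses); two titles are truncated by ps.
sample_ps() {
cat <<'EOF'
  101  ??  I      0:00.01 sendmail: server host-a.example.net [192.0.2.10] child wait (sendmail)
  102  ??  I      0:00.02 sendmail: server host-a.example.net [192.0.2.10] cmd read (sendmail)
  103  ??  I      0:00.01 sendmail: server dialup-198.51.100.7.pop.example.org [198.51.100.7] chi
  104  ??  I      0:00.02 sendmail: server dialup-198.51.100.7.pop.example.org [198.51.100.7] cmd
  105  ??  I      0:00.01 sendmail: server host-b.example.net [203.0.113.5] child wait (sendmail)
  106  ??  I      0:00.01 sendmail: server host-b.example.net [203.0.113.5] child wait (sendmail)
  107  ??  I      0:00.02 sendmail: server host-b.example.net [203.0.113.5] cmd read (sendmail)
  108  ??  I      0:00.02 sendmail: server host-b.example.net [203.0.113.5] cmd read (sendmail)
  109  ??  S      0:00.59 /usr/local/sbin/sshd (sshd1)
EOF
}

# stdin: ps lines. stdout: "COUNT IP STATE" per address and state, busiest first.
smtp_children() {
    awk '
    /sendmail: server / && match($0, /\[[0-9.]+\]/) {
        ip = substr($0, RSTART + 1, RLENGTH - 2)
        rest = substr($0, RSTART + RLENGTH)
        sub(/^ +/, "", rest)
        # Classify on the first letters so truncated titles still count.
        if (rest ~ /^cmd/)      state = "cmd_read"
        else if (rest ~ /^chi/) state = "child_wait"
        else                    state = "other"
        n[ip " " state]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2,2
}

# stdin: ps lines. stdout: addresses with at least $1 processes in "cmd read".
busy_clients() {
    smtp_children | awk -v min="$1" '$3 == "cmd_read" && $1 + 0 >= min + 0 { print $2 }'
}

# stdin: ps lines. stdout: one-line total of "cmd read" processes and sources.
summary() {
    smtp_children | awk '$3 == "cmd_read" { c += $1; h++ }
        END { printf "%d cmd-read processes from %d addresses\n", c, h }'
}

# On a live host, replace sample_ps with: ps -ax
sample_ps | summary
```

Many distinct source addresses each holding one or two connections points at distributed relay attempts rather than a single misbehaving client, which is the case where fixing the relay rules matters more than blocking any one host.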