From owner-freebsd-security Fri Feb 7 20:22:15 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id UAA22724 for security-outgoing; Fri, 7 Feb 1997 20:22:15 -0800 (PST) Received: from scanners.tec.mn.us (scanners.Tec.MN.US [199.199.83.67]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id UAA22704; Fri, 7 Feb 1997 20:22:06 -0800 (PST) Received: (from walth@localhost) by scanners.tec.mn.us (8.6.12/8.6.12) id WAA01698; Fri, 7 Feb 1997 22:21:51 -0600 Date: Fri, 7 Feb 1997 22:21:51 -0600 (CST) From: Chris Walth To: questions@freebsd.org cc: isp@freebsd.org, security@freebsd.org Subject: Problems? or denial of service attack? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hello, I am running a server currently with FreeBSD 2.1.0-RELEASE. Yes I know that it is outdated ;) What I have is someone connecting to port 25 and sending a lot of email messages from a dialup port. I am currently tracing the dialup port. In the process of looking into this problem I noticed many pages of log entries that state the vm_??? has killed a process and also some about out of swap space. Here are a couple of the messages: Feb 7 00:07:51 scanners /kernel: Process 26028 killed by vm_fault -- out of swap Feb 7 00:07:51 scanners /kernel: swap_pager: out of space Feb 7 00:07:52 scanners /kernel: Process 25867 killed by vm_pageout -- out of swap Feb 7 00:07:52 scanners /kernel: swap_pager: out of space Feb 7 00:07:52 scanners /kernel: Process 25811 killed by vm_fault -- out of swap Feb 7 00:07:52 scanners /kernel: Process 26035 killed by vm_fault -- out of swap Feb 7 00:07:52 scanners /kernel: Process 25979 killed by vm_fault -- out of swap Feb 7 00:07:53 scanners /kernel: Process 25961 killed by vm_fault -- out of swap Feb 7 00:07:53 scanners /kernel: Process 25986 killed by vm_fault -- out of swap Any info about this would be greatly appreciated. I am currently planning on upgrading the system to 2.2 when it is released, but I have to do the upgrade remotely or else wait until I can get to the machine. This problem is bugging me, and I do not know where to start on this one. Thanks for your time.. Chris Walth ............................................................................ Chris Walth Scanners/netco UNIX System Administrator email: walth@scanners.tec.mn.us phone: 701-280-0922 finger walth@scanners.tec.mn.us to get PGP public Key. ............................................................................