From owner-freebsd-security  Sat Feb  8 07:34:22 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id HAA16850
          for security-outgoing; Sat, 8 Feb 1997 07:34:22 -0800 (PST)
Received: from scanners.tec.mn.us (scanners.Tec.MN.US [199.199.83.67])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id HAA16776;
          Sat, 8 Feb 1997 07:34:11 -0800 (PST)
Received: (from walth@localhost) by scanners.tec.mn.us (8.6.12/8.6.12) id JAA05098; Sat, 8 Feb 1997 09:33:45 -0600
Date: Sat, 8 Feb 1997 09:33:45 -0600 (CST)
From: Chris Walth <walth@scanners.tec.mn.us>
To: Michael Slater <slaterm@excel.tnet.com.au>
cc: questions@freebsd.org, isp@freebsd.org, security@freebsd.org
Subject: Re: Problems? or denial of service attack?
In-Reply-To: <Pine.LNX.3.91.970208131704.425A-100000@excel.tnet.com.au>
Message-ID: <Pine.BSF.3.91.970208092657.5067A-100000@scanners.tec.mn.us>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 8 Feb 1997, Michael Slater wrote:

> 
> It looks like you are out of Swap space...
> 
> Michael Slater
> slaterm@tnet.com.au
> 

  This machine is a web server and email server.  There was nobody logged 
in at these times.  I have 32 megs of ram and 43 megs of swap.  There was 
also about 20 pages of messages having to do with sendmail.  Here are a 
few of those attached below.

  I have never had any problems before, and now when I was getting these 
sendmail problems I was getting all these messages.  I do not think that 
it is just a swap problem..

Feb  7 00:06:32 scanners sendmail[26007]: NOQUEUE: SYSERR: putoutmsg 
(dialup-1a.
co.net): error on output channel sending "451 entering initmaps: fd 1 not 
open:
Invalid argument": Broken pipe
Feb  7 00:06:32 scanners sendmail[26007]: NOQUEUE: SYSERR(root): entering 
initma
ps: fd 1 not open: Invalid argument
Feb  7 00:06:32 scanners sendmail[25996]: NOQUEUE: SYSERR: putoutmsg 
(dialup-1a.
co.net): error on output channel sending "451 entering initmaps: fd 1 not 
open:
Invalid argument": Broken pipe
Feb  7 00:06:32 scanners sendmail[25996]: NOQUEUE: SYSERR(root): entering 
initma
ps: fd 1 not open: Invalid argument
Feb  7 00:06:34 scanners sendmail[25867]: AAA25867: SYSERR: putoutmsg 
(dialup-1a
.co.net): error on output channel sending "354 Enter mail, end with "." 
on a lin
e by itself": Broken pipe
Feb  7 00:06:34 scanners sendmail[25867]: AAA25867: SYSERR(root): Out of 
memory!
!: Cannot allocate memory
Feb  7 00:06:30 scanners sendmail[25999]: NOQUEUE: SYSERR: putoutmsg 
(dialup-1a.
co.net): error on output channel sending "451 entering initmaps: fd 1 not 
open:
Invalid argument": Broken pipe
Feb  7 00:06:34 scanners sendmail[26012]: NOQUEUE: SYSERR: putoutmsg 
(dialup-1a.
co.net): error on output channel sending "451 entering initmaps: fd 1 not 
open:
Invalid argument": Broken pipe


What are these initmaps?  Did someone possiably gain access to the 
system?  I don't see any evidence.  Mail was generated and sent to one 
person.  He got about 200 messages from this person.

Thanks.

Chris

  
............................................................................

Chris Walth

Scanners/netco UNIX System Administrator

email: walth@scanners.tec.mn.us
phone: 701-280-0922
finger walth@scanners.tec.mn.us to get PGP public Key.
............................................................................