Date: Tue, 15 Jun 1999 12:07:32 -0600 (MDT) From: Nick Rogness <nick@rapidnet.com> To: Warner Losh <imp@harmony.village.org> Cc: LutzRab@omc.net, security@FreeBSD.ORG Subject: Re: New Attack via sendmail? Message-ID: <Pine.BSF.4.05.9906151205420.28138-100000@rapidnet.com> In-Reply-To: <199906150630.AAA90548@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 15 Jun 1999, Warner Losh wrote: > In message <199906141930.VAA14403@office.omc.net> "Lutz Rabing" writes: > : I've seen some pretty strange lines in syslog of one of our webservers. > : > : The box is running 2.2.8 with sendmail 8.9.3 and has never been out of > : swap space before, in fact it's not using swap space at all under normal > : conditions. > > Have you used gdb to get a traceback sendmail.core? Have you > considered building sendmail from sources and installing that binary > if you have the stripped binary installed? > > I've not heard of attack like this recently. > > Also, I'd take a look at cucipop. It may be the case that it, or > something else, is eating all the memory, causing problems for > sendmail, et al. 'ps auxww' should help next time this happens. Or even 'top' shows a bit more detail than ps -auxww does. But either one should help ya see what is going on. Problem is you have to be on the server when this happens. > > Warner > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > ******************************************************************* Nick Rogness "Never settle with words what System Administrator can be accomplished with a RapidNet, INC flame-thrower" nick@rapidnet.com ******************************************************************* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9906151205420.28138-100000>