Re: Odd sendmail behavior

["Jay D. Dyson" <jdyson () treachery net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 5 Sep 2002, Etaoin Shrdlu wrote:

> I should also mention that the machine with the runaway processes was a
> Solaris 8 x86 box, not too recently patched

        Just an FYI to the list: the box in question (which isn't mine) is
actually Solaris 2.6 x86.  While I haven't surveyed the affected box in
question, my gut feeling is that the problem lies with inetd(1M).  I've
personally seen unpatched Solaris 2.4 through 2.6 boxen fall over and die
with just an 'nmap -O' scan, and it was usually attributable to unpatched
inetd issues.

        But the apparent HTTP request in the midst of an SMTP request is
indeed odd.  Hell, it's beyond odd and goes well into the realm of "damned
weird."  ;)

- -Jay

   (    (                                                        _______
   ))   ))   .-"There's always time for a good cup of coffee"-.   >====<--.
 C|~~|C|~~| (>----- Jay D. Dyson -- jdyson () treachery net -----<) |    = |-'
  `--' `--'  `---- Know your limitations.  We already do. ----'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQE9d7vEGI2IHblM+8ERApfzAJ0cdiCaG+4wvYtHBFGAK5E2cTFZaACfWVEp
DXoZc4/DXpiYATFTjsV/0Tk=
=rfg1
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com