Security Incidents mailing list archives
Re: Odd sendmail behavior
From: "Jay D. Dyson" <jdyson () treachery net>
Date: Thu, 5 Sep 2002 13:17:05 -0700 (PDT)
On Thu, 5 Sep 2002, Etaoin Shrdlu wrote:

> I should also mention that the machine with the runaway processes was a Solaris 8 x86 box, not too recently patched

Just an FYI to the list: the box in question (which isn't mine) is actually Solaris 2.6 x86.

While I haven't surveyed the affected box in question, my gut feeling is that the problem lies with inetd(1M). I've personally seen unpatched Solaris 2.4 through 2.6 boxen fall over and die with just an 'nmap -O' scan, and it was usually attributable to unpatched inetd issues.

But the apparent HTTP request in the midst of an SMTP request is indeed odd. Hell, it's beyond odd and goes well into the realm of "damned weird." ;)

-Jay

"There's always time for a good cup of coffee"
Jay D. Dyson -- jdyson () treachery net
Know your limitations. We already do.