Re: [cobalt-security] sendmail questions...?
- Subject: Re: [cobalt-security] sendmail questions...?
- From: "Michael Zimmermann" <zim@xxxxxxxx>
- Date: Mon, 12 Jun 2000 10:04:39 +0200
From: Theodore Jones <theoj@xxxxxxxxxxxxx>
> Can anyone help me decipher what such a process running would indicate?:
>
> 641 ttyS0 S 0:00 /sbin/mgetty -s 115200 -r -b ttyS0
>
> I also have ten or more sendmail processes running which I don't know
> about either...:
>
> 17623 ? S 0:00 sendmail: server mail1.loadmail.com
> [206.159.180.3] c
> 17624 ? S 0:00 sendmail: PAA17624 mail1.loadmail.com
[snip]
Looks like a) an uucp connection thru your serial port
and b) sendmail receiving lots of mails from loadmail.com (LA area).
Perhaps sendmail receiving lots of mail via the old-fashioned
uucp over a dial-up line (I don't know; haven't seen that
old technique for years).
Anyone connected to your server thru the serial (you or the
server maintenance staff?). Give the output of
ps -ef
and
netstat -a
(if you want use private email).
Any intrusion report available (say from tripwire)?
If I can, I help you with a third eye. But perhaps
a more grown-up security expert is available
(to make it 4 eyes) ?
Michael