[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] sendmail hack?
- Subject: [cobalt-security] sendmail hack?
- From: "Sean Ward" <planxty@xxxxxxxx>
- Date: Wed, 9 Oct 2002 14:55:46 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I have an entry in the logs like this:
7 04:44:02 ns sendmail[306]: NOQUEUE: Null connection from
24-90-190-122.nyc.rr.com [24.90.190.122] Oct 7 05:00:40 ns
in.qpopper[972]: (v?)
Followed by a legitimate pop login
After this, several logcheck files are considerably reduced (3K) and
only show the following info:
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Oct 7 05:30:45 ns named[554]: Cleaned cache of 19 RRsets
Oct 7 05:30:45 ns named[554]: USAGE 1033986645 1033109953
CPU=5.73u/3.09s CHILDCPU=0u/0s Oct 7 05:30:45 ns named[554]: NSTATS
1033986645 1033109953 A=1716 NS=1 CNAME=6 SOA=3 PTR=2292 MX=971 TXT=1
AAAA=238 38=228 ANY=764 Oct 7 05:30:45 ns named[554]: XSTATS 1033986645
1033109953 RR=3246 RNXD=92 RFwdR=2005 RDupR=0 RFail=5 RFErr=0 RErr=1
RAXFR=0 RLame=10 ROpts=0 SSysQ=1071 SAns=6905 SFwdQ=1476 SDupQ=134
SErr=0 RQ=7039 RIQ=1 RFwdQ=1476 RDupQ=3 RTCP=0 SFwdR=2005 SFail=0
SFErr=0 SNaAns=3319 SNXD=137 RUQ=0 RURQ=0 RUXFR=0 RUUpd=0
As well, virtual sites were unavailable for a period of time and the
legitimate POP logins did not function.
Any ideas what I should do next?
Thanks,
Sean