[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

sendmail hijacked?

To: "misc@openbsd.org" <misc@openbsd.org>
Subject: sendmail hijacked?
From: Ken Walling <ken@cybercede.net>
Date: Wed, 6 Mar 2002 21:24:38 -0500
Organization: CyberCede Corporation

Hello all:

It's me - the paranoid weenie again.  I hope I'm just being paranoid again 
-  but before I just go killing processes - I would like some help in 
understanding how this happened.

I have a process started  - sendmail:  server <domain.name.that.aint.me> 
[start of IP address

that shows up from a

ps -ax

this is not the daemon I started - it is another copy -

How could this have happened?  Is there some way that someone can remotely 
start an instance of sendmail for a legit purpose - or is this definitely a 
compromised system?

I'm going to start poking around my log files now - thanks for all the help

	Captain Weenie

Follow-Ups:
- Re: sendmail hijacked?
  - From: Claus Assmann <ca+OpenBSD_misc@zardoc.endmail.org>

Prev by Date: Re: question on
Next by Date: Keeping dhcp from overwriting /etc/resolve.conf
Prev by thread: good old phone security habits
Next by thread: Re: sendmail hijacked?
Index(es):
- Date
- Thread