|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jay D. Dyson (jdyson_at_treachery.net)
Date: Thu Sep 05 2002 - 15:17:05 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 5 Sep 2002, Etaoin Shrdlu wrote:
> I should also mention that the machine with the runaway processes was a
> Solaris 8 x86 box, not too recently patched
Just an FYI to the list: the box in question (which isn't mine) is
actually Solaris 2.6 x86. While I haven't surveyed the affected box in
question, my gut feeling is that the problem lies with inetd(1M). I've
personally seen unpatched Solaris 2.4 through 2.6 boxen fall over and die
with just an 'nmap -O' scan, and it was usually attributable to unpatched
inetd issues.
But the apparent HTTP request in the midst of an SMTP request is
indeed odd. Hell, it's beyond odd and goes well into the realm of "damned
weird." ;)
- -Jay
( ( _______
)) )) .-"There's always time for a good cup of coffee"-. >====<--.
C|~~|C|~~| (>----- Jay D. Dyson -- jdyson
treachery.net -----<) | = |-'
`--' `--' `---- Know your limitations. We already do. ----' `------'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.
iD8DBQE9d7vEGI2IHblM+8ERApfzAJ0cdiCaG+4wvYtHBFGAK5E2cTFZaACfWVEp
DXoZc4/DXpiYATFTjsV/0Tk=
=rfg1
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]