On Thu, Feb 05, 2004 at 03:58:42PM -0800, Barameswari Thoreraj said
> hi,
>
> I am running debian 2.2.19. I had been receiving the message below in my
> logs and sendmail has not been able to send or receive mail, although it
> didn't crash.
This is a very old kernel that has at least a couple of security issues.
Upgrade immediately.
> Daemon.log:
> Feb 5 06:19:16 logan xinetd[875]: {general_handler} (875) Unexpected
> signal: 11 (Segmentation fault)
> Feb 5 06:19:16 logan xinetd[875]: {bad_signal} Received 10 signals in 1
> seconds. Exiting...
Are you up-to-date with your security fixes? Not to be alarmist, but
you could get segfaults if someone attempts to exploit xinetd.
> An hour before this problem started, there seems to be a buffer overflow
> attempt and there was an error logged for:
> rpc.statd[186]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Z (truncated as it is
> very long).
Uh, that's very odd as well. Taken together, I'd be quite suspicious
about a potential attack on this machine...
Make sure you have all your packages up to date with Debian's security
updates, and perhaps run snort to see if you can catch someone in the
act.
--
Rob Weir <rweir@ertius.org> | mlspam@ertius.org | Do I look like I want a CC?
Words of the day: AMW attack 9705 Samford Road Legion of Doom UNSCOM CISU
Attachment:
signature.asc
Description: Digital signature