Date: Wed, 13 Dec 2000 12:01:05 -0500 (EST)
From: Rob Simmons
To: Szilveszter Adam
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: 911 lockdown!
In-Reply-To: <20001213174249.L24233@petra.hos.u-szeged.hu>
Sender: owner-freebsd-security@FreeBSD.ORG

Yes. If you want to disable it, add:

    FEATURE(`no_default_msa')

to your mc file and rebuild the cf.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Wed, 13 Dec 2000, Szilveszter Adam wrote:

> Hello!
>
> On Wed, Dec 13, 2000 at 05:32:35PM +0100, Dag-Erling Smorgrav wrote:
> > > 587/tcp open submission
> >
> > This is probably a back door the intruder left behind. Use sockstat(1)
> > to determine which process owns the socket, and kill it (and make sure
> > it doesn't restart when you reboot)
> >
>
> Uhm, if he is running sendmail (a recent version,) then it may be just
> that: sendmail now runs on two ports, 25 and 587 unless configured
> otherwise. OTB it will listen on both ports. Esp since he said that
> telnetting to this port starts up a sendmail which is expected behaviour.
>
> --
> Regards:
>
> Szilveszter ADAM
> Szeged University
> Szeged Hungary
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
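The check discussed in the thread (find out which process owns the listener on 587 before deciding whether it is sendmail's submission port), as an added example that is not part of the original messages. The sample input is constructed, the column layout is assumed to be that of `sockstat -4l`, and the function names are hypothetical:

```shell
#!/bin/sh
# Constructed sample in the assumed column layout of `sockstat -4l`
# (USER COMMAND PID FD PROTO LOCAL FOREIGN). Not output from the host in the thread.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   312   4  tcp4   *:25                  *:*
root     sendmail   312   5  tcp4   *:587                 *:*
root     sshd       201   3  tcp4   *:22                  *:*
nobody   perl       4410  3  tcp4   *:5870                *:*
EOF
}

# port_owners PORT: read sockstat-style text on stdin and print
# "COMMAND PID USER" for every TCP socket whose local port is exactly PORT.
port_owners() {
    awk -v port="$1" '
        NR == 1 && $1 == "USER" { next }      # skip the header row
        $5 ~ /^tcp/ {
            n = split($6, a, ":")             # port is the last ":"-separated part
            if (a[n] == port) print $2, $3, $1
        }'
}

# classify_listener PORT EXPECTED_COMMAND: read sockstat-style text on stdin
# and report "closed", "expected:<command>" or "investigate".
classify_listener() {
    owners=$(port_owners "$1")
    if [ -z "$owners" ]; then
        echo "closed"
    elif echo "$owners" | awk -v want="$2" '$1 != want { bad = 1 } END { exit bad }'; then
        echo "expected:$2"
    else
        echo "investigate"
    fi
}

# On a live FreeBSD host: sockstat -4l | classify_listener 587 sendmail
sample_sockstat | classify_listener 587 sendmail
```

A matching command name is only a first pass, since a process can be named anything; confirm the PID reported by `port_owners` is the system's sendmail before treating 587 as the expected submission listener.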