From owner-freebsd-questions Sun May 21 17: 2: 2 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137])
	by hub.freebsd.org (Postfix) with ESMTP id 8684A37BA28
	for ; Sun, 21 May 2000 17:01:51 -0700 (PDT)
	(envelope-from grog@freebie.lemis.com)
Received: (from grog@localhost)
	by freebie.lemis.com (8.9.3/8.9.0) id JAA77176;
	Mon, 22 May 2000 09:31:29 +0930 (CST)
Date: Mon, 22 May 2000 09:31:29 +0930
From: Greg Lehey
To: Khairuddin Abdul Ghani
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: mysterious shutdowns
Message-ID: <20000522093128.A77130@freebie.lemis.com>
References: <00b401bfc354$31b72aa0$6f1f7d80@phoenix>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
In-Reply-To: <00b401bfc354$31b72aa0$6f1f7d80@phoenix>
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-418-838-708
WWW-Home-Page: http://www.lemis.com/~grog
X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[Format recovered--see http://www.lemis.com/email/email-format.html]

On Sunday, 21 May 2000 at 11:41:36 -0700, Khairuddin Abdul Ghani wrote:
> Hello.
>
> First thanks to Crist for helping me with my talkd problem, but now there
> seems to be something more sinister happening on my machine.
>
> At least once a day, the machine would 'shutdown' (as noted in the 'last'
> output) mysteriously for no apparent reason. What bothers me is that just
> before or during each shutdown, there would be a ton of traffic going into
> the machine (an outside attack it seems). Unfortunately, nothing seems to be
> logged, because syslogd dies during the shutdown. Sometimes certain
> libraries like mm and tcl which are heavily used would disappear.
>
> At the moment I'm trying to log incoming connections with log_in_vain, and
> maybe just running tcpdump indefinitely. If there are any better ways,
> please tell. I have IPFIREWALL compiled with log amount of 50 and VERBOSE.
>
> Best regards, Rudy.
>
> eg. last | grep shutdown:

Please don't wrap these lines.

> shutdown ~ Fri May 19 15:09
> flash ttypm 194.133.37.38 Fri May 19 15:04 - shutdown (00:05)
> misterio ttyp5 62.11.132.164 Fri May 19 15:01 - shutdown (00:07)
> di0lam0r ttypb a-na12-61.tin.it Fri May 19 12:44 - shutdown (02:24)
> xgen ttyp6 res-3617.usc.edu Fri May 19 10:59 - shutdown(04:09)
>
> /var/log/messages:
> May 21 05:21:47 sage syslogd: exiting on signal 15

It would be interesting to know what version of FreeBSD you're
running. We had a problem with symptoms like this in -CURRENT
recently, but if you're running -CURRENT, you should be discussing the
problem on the FreeBSD-current mailing list, not here.

Greg
--
When replying to this message, please copy the original recipients.
For more information, see http://www.lemis.com/questions.html
Finger grog@lemis.com for PGP public key
See complete headers for address and phone numbers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message