From owner-freebsd-questions Sun May 21 11:41:40 2000 Delivered-To: freebsd-questions@freebsd.org Received: from usc.edu (usc.edu [128.125.253.136]) by hub.freebsd.org (Postfix) with ESMTP id 1752137B574 for ; Sun, 21 May 2000 11:41:35 -0700 (PDT) (envelope-from abdulgha@usc.edu) Received: from scf-fs.usc.edu (root@scf-fs.usc.edu [128.125.253.183]) by usc.edu (8.9.3.1/8.9.3/usc) with ESMTP id LAA02710 for ; Sun, 21 May 2000 11:41:17 -0700 (PDT) Received: from phoenix (res-3617.usc.edu [128.125.31.111]) by scf-fs.usc.edu (8.9.3.1/8.9.3/usc) with SMTP id LAA04144 for ; Sun, 21 May 2000 11:41:17 -0700 (PDT) Message-ID: <00b401bfc354$31b72aa0$6f1f7d80@phoenix> Reply-To: "Khairuddin Abdul Ghani" From: "Khairuddin Abdul Ghani" To: Subject: mysterious shutdowns Date: Sun, 21 May 2000 11:41:36 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello. First thanks to Crist for helping me with my talkd problem, but now there seems to be something more sinister happening on my machine. At least once a day, the machine would 'shutdown' (as noted in the 'last' output) mysteriously for no apparent reason. What bothers me is that just before or during each shutdown, there would be a ton of traffic going into the machine (an outside attack it seems). Unfortunately, nothing seems to be logged, because syslogd dies during the shutdown. Sometimes certain libraries like mm and tcl which are heavily used would disappear. At the moment I'm trying to log incoming connections with log_in_vain, and maybe just running tcpdump indefinitely. If there are any better ways, please tell. I have IPFIREWALL compiled with log amount of 50 and VERBOSE. Best regards, Rudy. eg. last | grep shutdown: shutdown ~ Fri May 19 15:09 flash ttypm 194.133.37.38 Fri May 19 15:04 - shutdown (00:05) misterio ttyp5 62.11.132.164 Fri May 19 15:01 - shutdown (00:07) di0lam0r ttypb a-na12-61.tin.it Fri May 19 12:44 - shutdown (02:24) xgen ttyp6 res-3617.usc.edu Fri May 19 10:59 - shutdown (04:09) /var/log/messages: May 21 05:21:47 sage syslogd: exiting on signal 15 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message