Date:      Tue, 15 Sep 1998 14:27:56 +0100 (BST)
From:      Jay Tribick <netadmin@fastnet.co.uk>
To:        "N. N.M" <madrapour@hotmail.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: A question probably relevant to IPFW
Message-ID:  <Pine.BSF.3.96.980915141822.342K-100000@bofh.fast.net.uk>
In-Reply-To: <19980915131543.10859.qmail@hotmail.com>


Hi

| >There was no exact pattern to reboots (which led me 
| >to believe it was either a DoS or a hardware failure)
| >and so I rebuilt the machine from completely different
| >components, upgraded BSD to the latest version (went
| >from 2.2.1 -> 2.2.6) and thought it was all working
| >fine. A few days later it started doing the same thing
| >and still does it although not as often.

| Did you have IPFW active on that machine? It seems to be relevant 
| directly to IPFW and packet filtering, because as I said before, the 
| other FreeBSD with the same configuration hasn't been rebooted after it 
| hadn't to filter the packets. 
| 
| Another point: it is rebooted just at 2 am and it follows from a 
| semi-routine timing. Being rebooted once in almost 2-3 days: Friday, 
| Monday, Wednesday and the other week: Friday, Sunday, Tuesday! 
| I have a line in /var/cron/log file as follows:
| 
| .....[the time of reboot, 2.05 am] ... cron [8923] : (CRON) STARTUP    
| (fork ok)

I do have ipfw active on the machine with packet filtering but
just a default let-anything-through filter.

I didn't get any log entries like this, I've even been logged
in just before the machine's rebooted before and there was no-one
else logged in, no strange netstat -i entries.. 

What was in your cron that starts up at this time? /etc/daily?

home# time /etc/daily
<snip! crap..>
real    1m25.888s
user    0m2.159s
sys     0m12.067s

This machine's only a P75 and yet it still manages to finish
/etc/daily in 1 minute 25 seconds. Was it 02:05 exactly?

Mine's not rebooted in 6 days btw.. 

Regards,

Jay Tribick <netadmin@fastnet.co.uk>
--
[| Network Admin | FastNet International | http://fast.net.uk/ |]
[| Finger netadmin@fastnet.co.uk for contact info & PGP PubKey |]
[|   +44 (0)1273 T: 677633 F: 621631 e: netadmin@fast.net.uk   |]


