From owner-freebsd-security Tue Sep 15 06:28:24 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA06370 for freebsd-security-outgoing; Tue, 15 Sep 1998 06:28:24 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns0.fast.net.uk (ns0.fast.net.uk [194.207.104.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA06339 for ; Tue, 15 Sep 1998 06:28:18 -0700 (PDT) (envelope-from netadmin@fastnet.co.uk) Received: from bofh.fast.net.uk (bofh.fast.net.uk [194.207.104.22]) by ns0.fast.net.uk (8.9.0/8.8.7) with ESMTP id OAA05609; Tue, 15 Sep 1998 14:27:56 +0100 (BST) Received: from bofh.fast.net.uk (bofh.fast.net.uk [194.207.104.22]) by bofh.fast.net.uk (8.9.1/8.8.8) with SMTP id OAA00773; Tue, 15 Sep 1998 14:27:56 +0100 (BST) (envelope-from netadmin@fastnet.co.uk) Date: Tue, 15 Sep 1998 14:27:56 +0100 (BST) From: Jay Tribick X-Sender: netadmin@bofh.fast.net.uk To: "N. N.M" cc: freebsd-security@FreeBSD.ORG Subject: Re: A question probably relevant to IPFW In-Reply-To: <19980915131543.10859.qmail@hotmail.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi | >There was no exact pattern to reboots (which led me | >to believe it was either a DoS or a hardware failure) | >and so I rebuilt the machine from completely different | >components, upgraded BSD to the latest version (went | >from 2.2.1 -> 2.2.6) and thought it was all working | >fine. A few days later it started doing the same thing | >and still does it although not as often. | Did you have IPFW active on that machine? It seems to be relevant | directly to IPFW and packet filtering, because as I said before, the | other FreeBSD with the same configuration hasn't been rebooted after it | hadn't to filter the packets. | | Another point: it is rebooted just at 2 am and it follows from a | semi-routine timing. Being rebooted once in almost 2-3 days: Friday, | Monday, Wednesday and the other week: Friday, Sunday, Tuesday! | I have a line in /var/cron/log file as follow: | | .....[the time of reboot, 2.05 am] ... cron [8923] : (CRON) STARTUP | (fork ok) I do have ipfw active on the machine with packet filtering but just a default let-anything-through filter. I didn't get any log entries like this, I've even been logged in just before the machine's rebooted before and there was no-one else logged in, no strange netstat -i entries.. What was in your cron that starts up at this time? /etc/daily? home# time /etc/daily real 1m25.888s user 0m2.159s sys 0m12.067s This machine's only a P75 and yet it still manages to finish /etc/daily in 1minute 25seconds. Was it 02:05 exactly? Mine's not rebooted in 6 days btw.. Regards, Jay Tribick -- [| Network Admin | FastNet International | http://fast.net.uk/ |] [| Finger netadmin@fastnet.co.uk for contact info & PGP PubKey |] [| +44 (0)1273 T: 677633 F: 621631 e: netadmin@fast.net.uk |] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message