From owner-freebsd-security Thu Jun 22 3:33:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from gateway.bangsplat.org (h00e02962237e.ne.mediaone.net [24.147.164.44]) by hub.freebsd.org (Postfix) with ESMTP id 0864B37C236 for ; Thu, 22 Jun 2000 03:33:06 -0700 (PDT) (envelope-from georgeh@bangsplat.org) Received: from pentium (unknown [192.168.1.3]) by gateway.bangsplat.org (Postfix) with SMTP id 965F4CC; Thu, 22 Jun 2000 06:33:02 -0400 (EDT) Message-ID: <001301bfdc35$3dbff170$0301a8c0@pentium> From: "George Hartz" To: "Tim McCullagh" , "Christiaan Rademan" , References: <3951B6C8.DA609831@mics.co.za> <00eb01bfdc27$35e50520$778d25cb@halenet.com.au> Subject: Re: Hi All. Date: Thu, 22 Jun 2000 06:33:01 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org One of the systems I use as a frewall is running 4.0 as well, and is doing the same thing. It was on some hardware that I'd had some reliability problems with in the past (bad DIMM), but two days ago I replaced the DIMM, and was rather unhappy to discover yesterday that its still doing it. I've actually seen it do it dozens of times, but never thought to make note of the error that popped up since I assume its a hardware problem. Compiling a custom kernel hasn't helped though. I certainly see a lot of attempts at DOS attacks and port scans being on a cable modem, but there doesn't seem to be any relation between catching such a scan and the system doing a reboot. According to the system its been about five hours since it happened, which is longer than usual. Its usually about once an hour. I'll post if I find anything, now that I know it may be more than just a hardware issue. - George ----- Original Message ----- From: "Tim McCullagh" To: "Christiaan Rademan" ; Sent: Thursday, June 22, 2000 4:52 AM Subject: Re: Hi All. > Hi Christiaan, > > I am having the same problem. I posted a message to the ISP list a couple > of days ago and it seems as if a number of people are having the same > problem.. It has been suggested that I should compile a custom kernel to > get around it. Some of the responses have suggested going back to 3.4 > rather than 4.0 > > So I don't think you have any sort of DOS > > It would seem there is an issue with 4.0 which affects some of us > > > Let us know if you find anything > I will do the same > > regards > > Tim > > ----- Original Message ----- > From: "Christiaan Rademan" > To: > Sent: Thursday, 22 June 2000 4:48 > Subject: Hi All. > > > Greetings.. > > We here have a FreeBSD 4.0-Stable server, running latest services. ie > for mail. > The problem is it has been rebooting from time to time.. No reason has > been given to me > in detail via the log file. The machine has definitly not been hacked > according to some probes. > > I am left with a question, "Did I brake something, or is there a new > DoS attack or something else" > > All I have done is changed the chflags on some odd directories /bin with > -R. > Directories: /bin - /sbin - /usr/bin - /usr/sbin - /usr/libexec > > Then I mostley went around removing +x filemodes from some slightly > important suid exec, but > theyr still excuteable by owner,group : root,wheel. > > Other than that, the server has definitly not got hardware problems, > that has been replaced fully. > > I also have the system running kern.securelevel=3... via rc.conf > > I succesfully had a machine running with uptime for over 60days, with > the changes. > Although now I have to question why the machine reboots during the week? > > So far, it looks like the kernel is screwing up, for no known reason. > > I am about to try running the machine on a generic kernel, maybe make an > attempt to see > if it still brakes. > > If anyone has a clue what might be going wrong here, please contact me.. > > Regards, Christiaan Rademan > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message