From: Michael Radzewitz
To: "'security@freebsd.org'"
Subject: RE: apache_logs/system hang up
Date: Wed, 23 May 2001 10:00:46 +0200

Hello Marc,

the system wasn't able to do anything so that I had to reset it by hand.
Tonight the same thing happened. Actually I would think there must be
something wrong on my site.

The characters contain nothing else than hundreds of these: ^@^@^@
They do not look like a typical binary file.

It's always the same corner of the internet which one of my users visits
and which causes the trouble one minute later.

Today I plugged a monitor in to see what happened and I got the message:
login: unable to login
followed by a kernel panic and the normal core dump output of a Linux system.

As I mentioned before I think there is something wrong on my site but I am
a little bit concerned about the: unable to login message.

I will monitor this problem until the end of the week - maybe I get some
more information about it.
Later then I will swap the system to FreeBSD.

Thanks

Michael

> -----Original Message-----
> From: Marc Rogers [mailto:marcr@shady.org]
> Sent: Wednesday, 23 May 2001 00:55
> To: Michael Radzewitz
> Subject: Re: apache_logs/system hang up
>
> When you mean hang, do you mean that it was unresponsive,
> or do you mean that you actually tried to get a response from
> a console keyboard?
>
> In my experience an attack is more likely to suck resources from
> a system, making it unresponsive, or very very slow to respond.
>
> A complete lockup is most often caused by a hardware issue.
>
> When you mention "non ascii" characters, do you mean special
> ascii characters, such as ^@ ^M ï Ä etc? Was it a similar
> effect to reading a binary file?
>
> Marc Rogers
> Technical Director
> European Data Corporation
>
> On Tue, May 22, 2001 at 05:13:35PM +0200, Michael Radzewitz wrote:
> > Hello,
> >
> > I have posted this question before without a subject.
> > Sorry for that and please ignore the last mail.
> >
> > Once again...
> >
> > ...a short question because I am concerned about a log entry
> > in the apache access and error logs.
> >
> > Last night I had to reset my system because it hung.
> > Today I've found two entries in the logfiles mentioned
> > above. They contain lots of non-ASCII characters.
> > I am not able to get some more information about the
> > content. For me it seems to be binary code.
> >
> > The log entry looks something like this
> >
> > lots of: ^@^@^@ttp://www. followed by the address
> >          |
> >          |
> >          my editor
> >          displays it like this (vim)
> >
> > I'm wondering if it's possible to send such information over the
> > HTTP protocol which causes the apache and the rest of the system to
> > hang up or maybe it's just a hang up because god knows what went
> > wrong at that time with the hard or software.
> >
> > Maybe one of you had the same problem or any other idea.
> >
> > Thanks in advance
> >
> > Michael
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
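
Added example, not part of the original thread: a small Python triage script for the log entries described above. It locates runs of NUL bytes (the ^@ shown by vim) in an Apache log, reports where each run sits and what readable text follows it, and renders control bytes in caret notation. The log lines, addresses and hostname in SAMPLE are constructed, and the function names are this example's own.

```python
import re

NUL_RUN = re.compile(rb"\x00{3,}")  # three or more consecutive NUL bytes

def find_nul_runs(data: bytes, context: int = 40):
    """Describe every NUL run: byte offset, length, line number,
    whether it starts a line, and the text that follows on that line."""
    runs = []
    for m in NUL_RUN.finditer(data):
        tail = data[m.end():m.end() + context].split(b"\n", 1)[0]
        runs.append({
            "offset": m.start(),
            "length": m.end() - m.start(),
            "line": data.count(b"\n", 0, m.start()) + 1,
            "at_line_start": m.start() == 0
                             or data[m.start() - 1:m.start()] == b"\n",
            "followed_by": tail.decode("ascii", "replace"),
        })
    return runs

def caret(data: bytes) -> str:
    """Render control bytes as vim and `cat -v` do (NUL -> ^@, CR -> ^M)."""
    out = []
    for b in data:
        if b == 0x7F:
            out.append("^?")
        elif b < 0x20 and b not in (0x09, 0x0A):
            out.append("^" + chr(b + 0x40))
        elif b < 0x80:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)

# Constructed sample: one intact entry, one entry whose start is NULs, one intact.
SAMPLE = (
    b'192.0.2.10 - - [22/May/2001:23:58:01 +0200] "GET /index.html HTTP/1.0" 200 1043\n'
    + b"\x00" * 300 + b'ttp://www.example.invalid/ HTTP/1.0" 200 512\n'
    + b'192.0.2.11 - - [23/May/2001:08:02:13 +0200] "GET / HTTP/1.0" 200 1043\n'
)

if __name__ == "__main__":
    for run in find_nul_runs(SAMPLE):
        print("line %(line)d offset %(offset)d: %(length)d NUL bytes, "
              "line start=%(at_line_start)s, then %(followed_by)r" % run)
```

To check a real file, read it in binary mode (`open(path, "rb").read()`) and pass the bytes to `find_nul_runs`; comparing the reported offsets and line numbers with the timestamps of the neighbouring entries shows when the NUL runs were written relative to the reset.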