Date: Wed, 23 May 2001 10:00:46 +0200 From: Michael Radzewitz <michael.radzewitz@freenet-ag.de> To: "'security@freebsd.org'" <security@freebsd.org> Subject: RE: apache_logs/system hang up Message-ID: <E07E5FD109B8D411842200508BD3C5E601919644@staff.freenet-ag.de>
next in thread | raw e-mail | index | archive | help
Hello Marc, the system wasn't able to do anything so that i had to reset it by hand. Tonight the same thing happend. Acctually I would think there must be something wrong on my site. The characters contain nothing else than hundreds of these: ^@^@^@ They do not look like a typically binary file. It's always the same corner of the internet which one of my users visit and which causes the trouble one minute later. Today I plugged a monitor in to see what happend and i got the message: login: unable to login followed by a kernel panic and the normal core dump output of a linux system. As I mentioned before I thing there is something wrong on my site but I am a little bit concerned about the: unable to login message. I will monitor this problem until the end of the week - maybe i get some more information about it. Later than I will swap the system to FreeBSD. Thank's Michael > -----Ursprüngliche Nachricht----- > Von: Marc Rogers [mailto:marcr@shady.org] > Gesendet: Mittwoch, 23. Mai 2001 00:55 > An: Michael Radzewitz > Betreff: Re: apache_logs/system hang up > > > > When you mean hang, do you mean that it was unresponsive, > or do you mean that you actualy tried to get a response from > a console keyboard? > > In my experience an attack is more likely to suck resources from > a system, making it unresponsive, or very very slow to respond. > > A complete lockup is most often caused by a hardware issue. > > when you mention "non ascii" characters, do you mean special > ascii characters, such as ^@ ^M ï Ä etc? Was it a similar > effect to reading a binary file? > > > Marc Rogers > Technical Director > European Data Corporation > > On Tue, May 22, 2001 at 05:13:35PM +0200, Michael Radzewitz wrote: > > Hello, > > > > i've have posted this question before without a subject. > > sorry for that and please ignore the last mail. > > > > Once again... > > > > ...a short question because i am concerned about a log entry > > in the apache access and error logs. > > > > Last night I had to reset my system because it hangs. > > Today I've found two entry's in the logfiles mentioned > > above. They contain lots of non assci characters. > > I am not able to get some more information about the > > content. For me it seems to be binary-code. > > > > The log entry looks something like this > > > > lot's of: ^@^@^@ttp://www. followed by the address > > | > > | > > my editor > > display it like this (vim) > > > > > > > > I'm wondering if it's possible to send such informations over the > > http-protcol which causes the apache and the rest of the system to > > hang up or maybe it's just a hang up because god knows what went > > wrong at that time with the hard or software. > > > > Maybe one of you had the same problem or any other idea. > > > > Thank's in advance > > > > Michael > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E07E5FD109B8D411842200508BD3C5E601919644>