Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 13 May 2001 23:54:41 -0500
From:      John Baxter <jbaxter@mmcable.com>
To:        Ted Mittelstaedt <tedm@toybox.placo.com>
Cc:        "Dan Mahoney, System Admin" <danm@prime.gushi.org>, Kris Kennaway <kris@obsecurity.org>, questions@FreeBSD.ORG
Subject:   Re: onitoring named
Message-ID:  <3AFF6511.E1A8B996@mmcable.com>
References:  <001901c0dc30$8da1b560$1401a8c0@tedm.placo.com>

next in thread | previous in thread | raw e-mail | index | archive | help
you should visit cert.org and search for 'lion worm'.
it is a chinese hack kit.




Ted Mittelstaedt wrote:
> 
> You might check into the system ram that the named process is
> using for it's cache.  You may be overflowing an internal table
> or so.  What are your MAXUSERS set to in the kernel and do you
> have any other kernel variables defined?
> 
> Ted Mittelstaedt                      tedm@toybox.placo.com
> Author of:          The FreeBSD Corporate Networker's Guide
> Book website:         http://www.freebsd-corp-net-guide.com
> 
> >-----Original Message-----
> >From: owner-freebsd-questions@FreeBSD.ORG
> >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Dan Mahoney,
> >System Admin
> >Sent: Saturday, May 12, 2001 9:49 AM
> >To: Kris Kennaway
> >Cc: questions@FreeBSD.ORG
> >Subject: Re: onitoring named
> >
> >
> >On Fri, 11 May 2001, Kris Kennaway wrote:
> >
> >> On Sat, May 12, 2001 at 01:17:56AM -0400, Dan Mahoney, System
> >Admin wrote:
> >> > Hi all.  I noticed recently that I've had a high occurence of
> >named dying
> >> > on various machines.  What would I put in a crontab to restart
> >it only if
> >> > it's not running?  I'm not sure how to format the if statement.
> >
> >Okay, on a freeBSD 3.2-Release server I found an implementation of NDC
> >that was written as a (buggy, but easily fixed) shell script.  I have
> >installed this on my 4.2 boxen as "shndc", and run it from a crontab every
> >20 minutes.
> >
> >My nameservers are both very secure dedicated machines that, other than
> >webmin (boss's requirement) run nothing but DNS service.  Occasionally I
> >see them die on signal 11, more often with no explanation at all.  These
> >are the latest version, running in the most secure fashion I can get info
> >on. (chrooted as an unprivileged user, with quotas).  Has anyone else had
> >problems with named dying?
> >
> >-Dan
> >
> >>
> >> Aren't you at all worried WHY they're dying?  I bet you're running
> >> older versions than 8.2.3-RELEASE and you're suffering the effects of
> >> (attempted, possibly successful) root penetration.
> >>
> >> Kris
> >>
> >
> >--
> >
> >I am now a lesbian.  I don't like men, but thank you for writing.
> >
> >-Reply to my response to a personal ad, May 30th, 1998.
> >
> >
> >--------Dan Mahoney--------
> >Techie,  Sysadmin,  WebGeek
> >Gushi on efnet/undernet IRC
> >ICQ: 13735144   AIM: LarpGM
> >Web: http://prime.gushi.org
> >finger danm@prime.gushi.org
> >for pgp public key and tel#
> >---------------------------
> >
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-questions" in the body of the message
> >
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AFF6511.E1A8B996>