Date: Sun, 13 May 2001 23:54:41 -0500 From: John Baxter <jbaxter@mmcable.com> To: Ted Mittelstaedt <tedm@toybox.placo.com> Cc: "Dan Mahoney, System Admin" <danm@prime.gushi.org>, Kris Kennaway <kris@obsecurity.org>, questions@FreeBSD.ORG Subject: Re: onitoring named Message-ID: <3AFF6511.E1A8B996@mmcable.com> References: <001901c0dc30$8da1b560$1401a8c0@tedm.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
you should visit cert.org and search for 'lion worm'. it is a chinese hack kit. Ted Mittelstaedt wrote: > > You might check into the system ram that the named process is > using for it's cache. You may be overflowing an internal table > or so. What are your MAXUSERS set to in the kernel and do you > have any other kernel variables defined? > > Ted Mittelstaedt tedm@toybox.placo.com > Author of: The FreeBSD Corporate Networker's Guide > Book website: http://www.freebsd-corp-net-guide.com > > >-----Original Message----- > >From: owner-freebsd-questions@FreeBSD.ORG > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Dan Mahoney, > >System Admin > >Sent: Saturday, May 12, 2001 9:49 AM > >To: Kris Kennaway > >Cc: questions@FreeBSD.ORG > >Subject: Re: onitoring named > > > > > >On Fri, 11 May 2001, Kris Kennaway wrote: > > > >> On Sat, May 12, 2001 at 01:17:56AM -0400, Dan Mahoney, System > >Admin wrote: > >> > Hi all. I noticed recently that I've had a high occurence of > >named dying > >> > on various machines. What would I put in a crontab to restart > >it only if > >> > it's not running? I'm not sure how to format the if statement. > > > >Okay, on a freeBSD 3.2-Release server I found an implementation of NDC > >that was written as a (buggy, but easily fixed) shell script. I have > >installed this on my 4.2 boxen as "shndc", and run it from a crontab every > >20 minutes. > > > >My nameservers are both very secure dedicated machines that, other than > >webmin (boss's requirement) run nothing but DNS service. Occasionally I > >see them die on signal 11, more often with no explanation at all. These > >are the latest version, running in the most secure fashion I can get info > >on. (chrooted as an unprivileged user, with quotas). Has anyone else had > >problems with named dying? > > > >-Dan > > > >> > >> Aren't you at all worried WHY they're dying? I bet you're running > >> older versions than 8.2.3-RELEASE and you're suffering the effects of > >> (attempted, possibly successful) root penetration. > >> > >> Kris > >> > > > >-- > > > >I am now a lesbian. I don't like men, but thank you for writing. > > > >-Reply to my response to a personal ad, May 30th, 1998. > > > > > >--------Dan Mahoney-------- > >Techie, Sysadmin, WebGeek > >Gushi on efnet/undernet IRC > >ICQ: 13735144 AIM: LarpGM > >Web: http://prime.gushi.org > >finger danm@prime.gushi.org > >for pgp public key and tel# > >--------------------------- > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-questions" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AFF6511.E1A8B996>