Date: Thu, 12 Aug 1999 03:19:42 +1000 From: Greg Black <gjb-freebsd@gba.oz.au> To: Doug White <dwhite@resnet.uoregon.edu> Cc: Donald Burr <dburr@Powered-By.AC>, FreeBSD Questions <freebsd-questions@FreeBSD.ORG>, FreeBSD Security <freebsd-security@FreeBSD.ORG> Subject: Re: umountall requests - what does this all mean? Message-ID: <19990811171943.8382.qmail@alice.gba.oz.au> In-Reply-To: <Pine.BSF.4.10.9908091639070.1164-100000@resnet.uoregon.edu> of Mon, 09 Aug 1999 16:39:42 MST References: <Pine.BSF.4.10.9908091639070.1164-100000@resnet.uoregon.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug White writes: > > Aug 7 19:04:49 60-Hz mountd[150]: umountall request from 207.71.226.193 from unprivileged port > > > > 207.71.226.193 is the IP addressed assigned to me by my ADSL provider, so > > I can only assume that these packets are coming in through the ADSL modem. > > > > What do these messages mean, and should I be worried about them? And how > > do I block them? > > What IP is 60-Hz? > > It's probably another machine trying to dismount partitions and mountd > doesn't recognize it. Probably harmless. I got some similar messages on a 3.2 box a couple of days ago. At the time it was connected only to my home LAN and no machines outside of my office were physically connected to the LAN for some hours before or after the messages appeared. I was doing some NFS mounts to that box, but there was no genuine umount request at the time the message appeared. In fact, now that I check the log, the IP that the alleged request came from was the IP of the host that complained -- there was no umount ever done on the box that day. I would have looked at it a bit harder, but I was in the middle of determining why the box was suffering repeated panics. Since each panic took 45 minutes to induce and it took ten panics and a few new kernels to find a solution and a few more iterations of my test to feel confident that the panics were over, and this minor detail got ignored. The umountall notices came in the following sequence [I've folded long lines and indented the continuations]: Aug 10 12:30:37 bambi /kernel: changing root device to wd0s1a Aug 10 12:30:37 bambi named[102]: starting. named 8.1.2 Tue May 18 03:29:06 GMT 1999 jkh@cathair:/usr/obj/usr/src/usr.sbin/named Aug 10 12:30:37 bambi named[103]: Ready to answer queries. Aug 10 12:31:33 bambi login: ROOT LOGIN (root) ON ttyv0 Aug 10 12:54:39 bambi mountd[120]: umountall request from 192.168.1.12 from unprivileged port Aug 10 12:54:43 bambi mountd[120]: umountall request from 192.168.1.12 from unprivileged port Aug 10 13:05:21 bambi mountd[120]: mount request succeeded from 192.168.1.52 for /gba2 Aug 10 13:37:16 bambi /kernel: Out of mbuf clusters - adjust NMBCLUSTERS or increase maxusers! Aug 10 13:37:16 bambi /kernel: xl0: no memory for rx list -- packet dropped! The first line is the end of the immediately previous reboot after the previous panic. The log continues in full up to the next panic. The root login at 12:31 was genuine and it was partly to ensure that the DNS stuff was all working correctly. The IP of the machine in question (bambi) was 192.168.1.12. The two umountall lines from that same IP at 12:54:{39,43} were spurious. The mount from 192.168.1.52 was the NFS mount that I ran as part of the next test that was destined to crash the machine 32 minutes later when it ran out of mbufs. Nothing else was happening at the time. These messages did not appear during any other tests. -- Greg Black -- <gjb@acm.org> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990811171943.8382.qmail>