Re: [cobalt-users] Mailscanner for RAQ3/4 pkg available
- Subject: Re: [cobalt-users] Mailscanner for RAQ3/4 pkg available
- From: "Webmaster : Beyond2K" <Hostmaster@xxxxxxxxxxxxxx>
- Date: Thu Jul 18 05:35:01 2002
- Organization: Beyond2K
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> uninstall mailscanner using the cobalt pkg uninstall routine and it will
> automatically change syslog back to the original settings.
>
> I would be surprised if this however is what is causing the cpu problem.
You are of course correct. Mailscanner is working fine - as is syslogd.
The syslogd high CPU usage is being caused by ipchains blocking ports 137 and 138 and syslog writing an entry in /var/log/kernel every time it rejects. This in itself is not causing the problem - just the frequency I think? Most of my servers have a kernel log of around 2 meg a day - this server managed 40 meg in 4 hours last night :/
It seems someone's box at our host may be compromised as we are getting 10-20 rejections (input) written in the log every second (with ipchains on) from 1 IP. Unless there is another explanation for accessing port 137/138?
What's the best way of blocking this IP anyway? Have looked in the archives and done the following so far.
1) Ipchains does work but the syslogd CPU problem is a bit unbearable.
2) Portsentry (1.1-fr5 pkg version) is installed and running - no effect.
3) I've added the IP to hosts.deny and restarted inet - no effect.
4) /sbin/route add -host <ip-address> reject - no effect.
Any help is appreciated.
Apologies to Steve Bassi for suspecting your package - great piece of work btw.
Brett
B3K.net - Webmaster / Hostmaster
---------------------------------------------
The World's premier mobile phone boutique
With free SMS & free personal No's
www.b3k.net