[cobalt-users] RaQ3 dies again for no reason - we maybe no reason
- Subject: [cobalt-users] RaQ3 dies again for no reason - we maybe no reason
- From: Chae <chae@xxxxxxxxxxxx>
- Date: Tue Aug 6 03:21:23 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi Yah,
Me again :) The RaQ3 that died for no reason last week died again tonight.
On the logs an hour before it died the following could be seen...
Aug 6 19:18:34 ns kernel: possible SYN flooding on port 80. Sending cookies.
Then an hour later the same as last week - no access via HTTP, FTP or SSH
yet the logs prior to reboot were as follows: xxx.xxx being our IP
Security Violations
=-=-=-=-=-=-=-=-=-=
Aug 6 20:05:14 ns kernel: Packet log: input DENY eth0 PROTO=17
195.235.16.253:638 xxx.xxx.64.124:37852 L=38 S=0x00 I=19996 F=0x0000 T=48 (#86)
Aug 6 20:05:14 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:80 xxx.xxx.64.124:53 L=40 S=0x00 I=20000 F=0x0000 T=48 (#71)
Aug 6 20:05:14 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:636 xxx.xxx.64.124:53 L=40 S=0x00 I=20002 F=0x0000 T=48 SYN
(#71)
Aug 6 20:05:16 ns kernel: Packet log: input DENY eth0 PROTO=17
195.235.16.253:55 xxx.xxx.79.186:37852 L=38 S=0x00 I=20010 F=0x0000 T=48 (#86)
Aug 6 20:05:16 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:80 xxx.xxx.79.186:53 L=40 S=0x00 I=20014 F=0x0000 T=48 (#71)
Aug 6 20:05:16 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=20016 F=0x0000 T=48 SYN (#71)
Aug 6 20:05:19 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:636 xxx.xxx.64.124:53 L=40 S=0x00 I=20018 F=0x0000 T=48 (#71)
Aug 6 20:05:19 ns kernel: Packet log: input DENY eth0 PROTO=17
195.235.16.253:638 xxx.xxx.64.124:37852 L=38 S=0x00 I=20020 F=0x0000 T=48 (#86)
Aug 6 20:05:19 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:80 xxx.xxx.64.124:53 L=40 S=0x00 I=20024 F=0x0000 T=48 (#71)
Aug 6 20:05:19 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:636 xxx.xxx.64.124:53 L=40 S=0x00 I=20026 F=0x0000 T=48 SYN
(#71)
Aug 6 20:05:21 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=20030 F=0x0000 T=48 (#71)
Aug 6 20:05:21 ns kernel: Packet log: input DENY eth0 PROTO=17
195.235.16.253:55 xxx.xxx.79.186:37852 L=38 S=0x00 I=20032 F=0x0000 T=48 (#86)
Aug 6 20:05:21 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:80 xxx.xxx.79.186:53 L=40 S=0x00 I=20036 F=0x0000 T=48 (#71)
Aug 6 20:05:21 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=20038 F=0x0000 T=48 SYN (#71)
Aug 6 20:05:24 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:636 xxx.xxx.64.124:53 L=40 S=0x00 I=20074 F=0x0000 T=48 (#71)
Aug 6 20:05:24 ns kernel: Packet log: input DENY eth0 PROTO=17
212.163.178.253:638 xxx.xxx.64.124:37852 L=38 S=0x00 I=20076 F=0x0000 T=51
(#86)
Aug 6 20:05:24 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:80 xxx.xxx.64.124:53 L=40 S=0x00 I=20080 F=0x0000 T=51 (#71)
Aug 6 20:05:24 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:636 xxx.xxx.64.124:53 L=40 S=0x00 I=20082 F=0x0000 T=51 SYN
(#71)
Aug 6 20:05:26 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=20084 F=0x0000 T=48 (#71)
Aug 6 20:05:26 ns kernel: Packet log: input DENY eth0 PROTO=17
212.163.178.253:55 xxx.xxx.79.186:37852 L=38 S=0x00 I=20086 F=0x0000 T=51 (#86)
Aug 6 20:05:26 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:80 xxx.xxx.79.186:53 L=40 S=0x00 I=20090 F=0x0000 T=51 (#71)
Aug 6 20:05:26 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=20092 F=0x0000 T=51 SYN
(#71)
Aug 6 20:05:29 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:636 xxx.xxx.64.124:53 L=40 S=0x00 I=20094 F=0x0000 T=51 (#71)
Aug 6 20:05:29 ns kernel: Packet log: input DENY eth0 PROTO=17
212.163.178.253:638 xxx.xxx.64.124:37852 L=38 S=0x00 I=20096 F=0x0000 T=51
(#86)
Aug 6 20:05:29 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:80 xxx.xxx.64.124:53 L=40 S=0x00 I=20100 F=0x0000 T=51 (#71)
Aug 6 20:05:29 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:636 xxx.xxx.64.124:53 L=40 S=0x00 I=20102 F=0x0000 T=51 SYN
(#71)
Aug 6 20:05:31 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=20104 F=0x0000 T=51 (#71)
Aug 6 20:05:31 ns kernel: Packet log: input DENY eth0 PROTO=17
212.163.178.253:55 xxx.xxx.79.186:37852 L=38 S=0x00 I=20106 F=0x0000 T=51 (#86)
Aug 6 20:05:31 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:80 xxx.xxx.79.186:53 L=40 S=0x00 I=20110 F=0x0000 T=51 (#71)
Aug 6 20:05:31 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=20112 F=0x0000 T=51 SYN
(#71)
Aug 6 20:05:34 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:636 xxx.xxx.64.124:53 L=40 S=0x00 I=20122 F=0x0000 T=51 (#71)
Aug 6 20:05:34 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:636 xxx.xxx.64.124:53 L=40 S=0x00 I=20124 F=0x0000 T=51 (#71)
Aug 6 20:05:36 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=20130 F=0x0000 T=51 (#71)
Aug 6 20:05:36 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=20132 F=0x0000 T=51 (#71)
Aug 6 20:11:33 ns kernel: Packet log: input DENY eth0 PROTO=17
208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=15387 F=0x0000 T=2 (#82)
Aug 6 20:24:24 ns kernel: Packet log: input DENY eth0 PROTO=17
195.235.16.253:55 xxx.xxx.79.186:37852 L=38 S=0x00 I=23990 F=0x0000 T=48 (#86)
Aug 6 20:24:24 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:80 xxx.xxx.79.186:53 L=40 S=0x00 I=23994 F=0x0000 T=48 (#71)
Aug 6 20:24:24 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=23996 F=0x0000 T=48 SYN (#71)
Aug 6 20:24:29 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=24010 F=0x0000 T=48 (#71)
Aug 6 20:24:29 ns kernel: Packet log: input DENY eth0 PROTO=17
195.235.16.253:55 xxx.xxx.79.186:37852 L=38 S=0x00 I=24012 F=0x0000 T=48 (#86)
Aug 6 20:24:29 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:80 xxx.xxx.79.186:53 L=40 S=0x00 I=24016 F=0x0000 T=48 (#71)
Aug 6 20:24:29 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=24018 F=0x0000 T=48 SYN (#71)
Aug 6 20:24:34 ns kernel: Packet log: input DENY eth0 PROTO=6
195.235.16.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=24034 F=0x0000 T=48 (#71)
Aug 6 20:24:34 ns kernel: Packet log: input DENY eth0 PROTO=17
212.163.178.253:55 xxx.xxx.79.186:37852 L=38 S=0x00 I=24036 F=0x0000 T=51 (#86)
Aug 6 20:24:34 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:80 xxx.xxx.79.186:53 L=40 S=0x00 I=24040 F=0x0000 T=51 (#71)
Aug 6 20:24:34 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=24042 F=0x0000 T=51 SYN
(#71)
Aug 6 20:24:39 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=24064 F=0x0000 T=51 (#71)
Aug 6 20:24:39 ns kernel: Packet log: input DENY eth0 PROTO=17
212.163.178.253:55 xxx.xxx.79.186:37852 L=38 S=0x00 I=24066 F=0x0000 T=51 (#86)
Aug 6 20:24:39 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:80 xxx.xxx.79.186:53 L=40 S=0x00 I=24070 F=0x0000 T=51 (#71)
Aug 6 20:24:39 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=24072 F=0x0000 T=51 SYN
(#71)
Aug 6 20:24:44 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=24078 F=0x0000 T=51 (#71)
Aug 6 20:24:44 ns kernel: Packet log: input DENY eth0 PROTO=6
212.163.178.253:53 xxx.xxx.79.186:53 L=40 S=0x00 I=24080 F=0x0000 T=51 (#71)
Aug 6 20:51:32 ns kernel: Packet log: input DENY eth0 PROTO=17
208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=16550 F=0x0000 T=2 (#82)
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Aug 6 04:01:22 ns fcheck: "WARNING: [ns.xxxxxxxxxxxxxxxx.com] /usr/tmp
[Times: Aug 06 03:01 2002 - Aug 06 04:01 2002]"
Aug 6 04:01:24 ns fcheck: "WARNING: [ns.xxxxxxxxxxxxxxxxxx.com]
/tmp/FProtBusy.lock [Times: Aug 06 03:01 2002 - Aug 06 03:18 2002]"
Aug 6 04:02:00 ns fcheck: "INFO: Rebuild of the fcheck database
/usr/local/etc/fcheck/fcheck.dbf begun for ns.xxxxxxxxxxxx.com using config
file /usr/local/etc/fcheck/fcheck.cfg"
Aug 6 20:35:34 ns named[824]: Cleaned cache of 768 RRsets
Aug 6 20:35:34 ns named[824]: USAGE 1028622934 1028144143
CPU=299.41u/223.31s CHILDCPU=0u/0s
Aug 6 20:35:34 ns named[824]: NSTATS 1028622934 1028144143 A=50803 NS=2
CNAME=663 SOA=28 PTR=320474 MX=10287 TXT=209 AAAA=4154 A6=3658 ANY=23186
Aug 6 20:35:34 ns named[824]: XSTATS 1028622934 1028144143 RR=402577
RNXD=159393 RFwdR=153497 RDupR=366 RFail=8115 RFErr=36335 RErr=874 RAXFR=0
RLame=31181 ROpts=0 SSysQ=143877 SAns=429728 SFwdQ=189401 SDupQ=272984
SErr=2 RQ=413464 RIQ=0 RFwdQ=189401 RDupQ=916 RTCP=2961 SFwdR=153497
SFail=128 SFErr=0 SNaAns=129553 SNXD=138304 RUQ=0 RURQ=0 RUXFR=0 RUUpd=0
Aug 6 20:02:24 ns sendmail[4657]: UAA04657: from=root, size=37350,
class=0, pri=67350, nrcpts=1, msgid=<200208060801.UAA04657@xxxxxxxxxxx>,
relay=root@localhost
Aug 6 20:02:24 ns sendmail[4657]: UAA04657: to=xxxx@xxxxxxxxxxxxxx,
delay=00:01:20, mailer=esmtp, stat=queued
Aug 6 20:15:15 ns sendmail[5238]: NOQUEUE: Null connection from localhost
[127.0.0.1]
Aug 6 20:30:15 ns sendmail[5839]: NOQUEUE: Null connection from localhost
[127.0.0.1]
Aug 6 20:45:15 ns sendmail[6442]: NOQUEUE: Null connection from localhost
[127.0.0.1]
Aug 6 21:00:15 ns sendmail[7043]: NOQUEUE: Null connection from localhost
[127.0.0.1]
So as you can see, the server was still up and running as before but with no
access, and you can see Active Monitor was checking sendmail, though mail
wasn't being sent through the server, of course. I've checked with the colo
and they tell me there was no network loss - I can only take their word for
it - and yes, as before, all the appropriate services are checked and on in
the GUI.
I'm getting a bit concerned now as this is starting to become a regular
occurrence and I'd love to nail this one on the head.
Chkrootkit showing the server clean
Fcheck not showing any file changes or additions
Bash History not showing anything that I haven't done myself
Only I have root access to the machine
Anyone any suggestions or ideas as to what may be causing this? The server
has been patched with all the latest and greatest; the only thing it's waiting
on is the SSL update from Sun Cobalt.
Regards
Chae
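
Added example, not part of the original post: a small Python parser for the ipchains "Packet log" entries quoted above, which rejoins entries that the mail client wrapped and counts denied packets per source, protocol, destination port and rule. The sample lines are constructed (documentation addresses, redacted destination), and the function names are this example's own; field meanings follow the ipchains HOWTO.

```python
import re
from collections import Counter

# Layout of a Linux 2.2 ipchains log entry, as seen in the post:
#   Packet log: <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport>
#   L=<total length> S=<TOS> I=<IP ID> F=<frag offset+flags> T=<TTL> [SYN] (#<rule>)
ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")  # syslog timestamp
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}

# Constructed sample in the same wrapped form as the mail (not the post's data).
SAMPLE = """\
Aug 6 20:05:14 ns kernel: Packet log: input DENY eth0 PROTO=17
192.0.2.10:638 xxx.xxx.0.5:37852 L=38 S=0x00 I=19996 F=0x0000 T=48 (#86)
Aug 6 20:05:14 ns kernel: Packet log: input DENY eth0 PROTO=6
192.0.2.10:80 xxx.xxx.0.5:53 L=40 S=0x00 I=20000 F=0x0000 T=48 (#71)
Aug 6 20:05:14 ns kernel: Packet log: input DENY eth0 PROTO=6
192.0.2.10:636 xxx.xxx.0.5:53 L=40 S=0x00 I=20002 F=0x0000 T=48 SYN
(#71)
Aug 6 20:05:19 ns kernel: Packet log: input DENY eth0 PROTO=6
198.51.100.7:80 xxx.xxx.0.5:53 L=40 S=0x00 I=20024 F=0x0000 T=51 (#71)
Aug 6 20:35:34 ns named[824]: Cleaned cache of 768 RRsets
"""

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog timestamp continues the previous one."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def parse(text):
    """Return one dict per ipchains entry; other syslog lines are skipped."""
    rows = []
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if m:
            row = m.groupdict()
            row["syn"] = bool(row["syn"])
            row["proto"] = PROTO_NAMES.get(row["proto"], row["proto"])
            rows.append(row)
    return rows

def summarize(rows):
    """Count denied packets per (source, protocol, destination port, rule number)."""
    return Counter((r["src"], r["proto"], r["dport"], r["rule"]) for r in rows)
```

Feeding the full report through `summarize(parse(...))` collapses the repeated entries into a few rows per source and rule, which makes it easier to compare one outage window with the next.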