[cobalt-users] Re: The ongoing saga of the dying RaQ3
- Subject: [cobalt-users] Re: The ongoing saga of the dying RaQ3
- From: Chae <chae@xxxxxxxxxxxx>
- Date: Thu Aug 8 22:12:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi Yah,
Jeff replied:
"RaQs don't have network cards. They have a built-in network
connection. So the only thing that could wiggle loose would be the
actual plugged-in ethernet wire."
Jeff, I wouldn't know, as the server is on the other side of the world from
me, and I must admit I've never even seen a "real live RaQ".
"Have you made sure you're not hacked? At the very least, get a copy of
the latest "chkrootkit" (http://www.chkrootkit.org/), install it, and
run it, and let us know if you get any positives. Don't faint if you do
<grin>... there are such things as false positives."
There were several previous posts last week or the week before, Jeff,
regarding the mysterious death that the server's having. chkrootkit is
showing nothing unusual apart from the odd lkm warning every now and then,
but that's normal on a RaQ; run it manually straight after I see it and it
shows nothing, and all other security measures are in place. The log files
show that while the server wasn't accessible by http, ftp or ssh, active
monitor was still checking sendmail, ftp etc., even mailscanner was doing
its thing every 4 hours, and even weirder was that there were some IPChains
logs on logcheck - so some traffic was getting to the server. I know the
server's not dead 'cause at one point it was down for 4 hours before we
noticed, rebooted and within 20 minutes the hourly logcheck reports came
through to us with logs for the time it was down - nothing much on them though.
I know it wasn't an ISP issue with me not being able to get access to the
server as I have 4 different ISP accounts and each one couldn't reach the
server, I also know it wasn't a New Zealand issue as several of my Canadian
and US based customers complained about not being able to access their web
site or get email.
Now I can't ping or traceroute to the machine, as the firewall rules that
have been set up for this server have those blocked - reason being that not
that long ago we were receiving the old ping of death attack for a while
and our colo recommended that we modify our rules to prevent it from
happening again.
So as you see, I'm totally confused as to what the server's doing.
Regards
Chae