incident

From: Silvex Security Team (securityat_private)
Date: Wed Oct 17 2001 - 15:11:03 PDT


    A Sun E6500 had a problem with one of the system boards. After replacing the board the system was pretty unstable. Some things will work but others will not:
    
    1) Telnet to the machine would not work, but from the machine to others will.
    2) ftp worked in/out
    3) CDE will not come up.
    4) netstat -r will hang
    5) lsof will hang 
    6) ps -ef will start but hang.
    7) modinfo will start but hang at the end.
    
    I did find the /etc/hosts file truncated and the /etc/defaultrouter was 
    missing. After fixing this nothing changed. I checked /etc/nsswitch.conf, 
    /etc/defaultrouter, ifconfig -a, and everything was in place. I ran chkrootkit
    and found nothing on the system. The RC3 scripts never finished so we were 
    in between level2 and level3.
    
    Would this be the behavior of a compromised machine?
    If that was the cause, how was it made to happen?
    
    This machine is in a secure area -- not military -- and only production support
    folks have access to it -- DBAs and SAs. SAs have root password, but not DBAs.
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 15:19:06 PDT