From: Silvex Security Team (securityat_private)
Date: Wed Oct 17 2001 - 15:11:03 PDT


    A Sun E6500 had a problem with one of the system boards. After replacing the board the system was pretty unstable. Some things will work but others will not:
    1) Telnet to the machine would not work, but from the machine to others will.
    2) ftp worked in/out
    3) CDE will not come up.
    4) netstat -r will hang
    5) lsof will hang 
    6) ps -ef will start but hang.
    7) modinfo will start but hang at the end.
    I did find the /etc/hosts file truncated and the /etc/defaultrouter was 
    missing. After fixing this nothing changed. I checked /etc/, 
    /etc/defaultrouter, ifconfig -a, and everything was in place. I ran chkrootkit
    and found nothing on the system. The RC3 scripts never finished so we were 
    in between level2 and level3.
    Would this be the behavior of a compromised machine?
    How if that was the cause, made it happen?
    This machine is in a secure area -- not military -- and only production support
    folks have access to it -- DBAs and SAs. SAs have root password, but not DBAs.