On Wed, Jun 11, 2003 at 10:27:52AM +0800, Rolf Schatzmann wrote: > One of my debian servers (stable) has been locking up over the last > few prior to this it has been rock solid for over a year. I > had suspected that there might be a hardware failure somever > however the last error in Syslog before it locks up is shown > below, is this a buffer overun exploit or something? > Jun 11 01:24:35 mail rpc.statd[269]: gethostbyname error for
That is a *very* old buffer overflow. It affected Redhat 6.2 or something. Potato was originally vulnerable to it, but was patched. Woody was never vulnerable. > Jun 11 02:42:25 mail kernel: 62.81.124.205 sent an invalid ICMP error to a > broadcast. It's possible that this is a side-effect of something nasty that's going on. Certainly 62.81.124.205 is doing something it shouldn't be doing, but that should not cause your machine to lock up. Consider using a tool like tcpdump or snort to help you look for malicious traffic. I would, however, favor the idea that there's probably something else causing your machine to crash. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
pgp00000.pgp
Description: PGP signature
