Date: Mon, 22 May 2000 09:31:29 +0930 From: Greg Lehey <grog@lemis.com> To: Khairuddin Abdul Ghani <abdulgha@usc.edu> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: mysterious shutdowns Message-ID: <20000522093128.A77130@freebie.lemis.com> In-Reply-To: <00b401bfc354$31b72aa0$6f1f7d80@phoenix> References: <00b401bfc354$31b72aa0$6f1f7d80@phoenix>
next in thread | previous in thread | raw e-mail | index | archive | help
[Format recovered--see http://www.lemis.com/email/email-format.html] On Sunday, 21 May 2000 at 11:41:36 -0700, Khairuddin Abdul Ghani wrote: > Hello. > > First thanks to Crist for helping me with my talkd problem, but now there > seems to be something more sinister happening on my machine. > > At least once a day, the machine would 'shutdown' (as noted in the 'last' > output) mysteriously for no apparent reason. What bothers me is that just > before or during each shutdown, there would be a ton of traffic going into > the machine (an outside attack it seems). Unfortunately, nothing seems to be > logged, because syslogd dies during the shutdown. Sometimes certain > libraries like mm and tcl which are heavily used would disappear. > > At the moment I'm trying to log incoming connections with log_in_vain, and > maybe just running tcpdump indefinitely. If there are any better ways, > please tell. I have IPFIREWALL compiled with log amount of 50 and VERBOSE. > > Best regards, Rudy. > > eg. last | grep shutdown: Please don't wrap these lines. > shutdown ~ Fri May 19 15:09 > flash ttypm 194.133.37.38 Fri May 19 15:04 - shutdown (00:05) > misterio ttyp5 62.11.132.164 Fri May 19 15:01 - shutdown (00:07) > di0lam0r ttypb a-na12-61.tin.it Fri May 19 12:44 - shutdown (02:24) > xgen ttyp6 res-3617.usc.edu Fri May 19 10:59 - shutdown(04:09) > > /var/log/messages: > May 21 05:21:47 sage syslogd: exiting on signal 15 It would be interesting to know what version of FreeBSD you're running. We had a problem with symptoms like this in -CURRENT recently, but if you're running -CURRENT, you should be discussing the problem on the FreeBSD-current mailing list, not here. Greg -- When replying to this message, please copy the original recipients. For more information, see http://www.lemis.com/questions.html Finger grog@lemis.com for PGP public key See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000522093128.A77130>