Server Crash

Steve Thomas lists at STHOMAS.NET
Thu Mar 25 17:56:20 GMT 2004


I had two servers lock on me over the weekend. Nothing in the logs to indicate what the problem was. Couldn't log in from the console, could ping but no network services responded. Had to hard-boot to get them running again.

The only services/software that both of these machines run and that are open to the world are apache and bind. They both run mail, but one's using exim/mailscanner and the other's just using sendmail as the backup mx.

I did a pretty thorough search for rootkits and such (my tripwire dbs are horribly out of date, I'm afraid) and didn't find any evidence of an intrusion on either machine. Since no other machines on our network were hosed, I chalked it up to a new apache or bind DoS attack and started hoping that a fix would be out soon.



On Thu, Mar 25, 2004 at 09:40:32AM -0700, Chris Stone is rumored to have said:
>
> Had a similar problem this morning for the first time on a new server that
> has been running for a couple weeks now without issue. Console screen clean,
> syslog shows nothing. But checking the log entry timestamps at 00:41 this
> morning it all died. Could ping the server but that's it. Telnetting to port
> 25 did make a connection, but no banner from sendmail.
>
>
> Chris Stone
> High Mountain Software
> www.hms.com
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
> Of Boulytchev, Vasiliy
> Sent: Thursday, March 25, 2004 9:34 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Server Crash
>
> NO!  Nothing on console/syslog :(
>
> No Hard Drive activity either.   NICs are still going wild.  Not able to
> communicate with the server period.
>
>
> Vasiliy Boulytchev
> Colorado Information Technologies, Inc.
> http://www.coinfotech.com
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
> Of Spicer, Kevin
> Sent: Thursday, March 25, 2004 9:13 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Server Crash
>
>
> Boulytchev, Vasiliy wrote:
> > Ladies and Gents,
> > Hopefully everyone can participate on this discussion. One of our
> > production servers keeps crashing on a random basis.
>
> Could you clarify what you mean by 'crashes'?  Completely unresponsive?
> Anything on the console?  syslog?
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000

--
"I have read your book and much like it."
- Moses Hadas (1900-1966)


