Re: Reboot in output from "last":
From: Tim Haynes (usenet@stirfried.vegetable.org.uk)Date: 10/24/02
- Next message: Michael Vaughan: "Re: An unusual log entry"
- Previous message: Tim Haynes: "(no subject)"
- In reply to: Dan: "Re: Reboot in output from "last":"
- Next in thread: Dan: "Re: Reboot in output from "last":"
- Reply: Dan: "Re: Reboot in output from "last":"
- Reply: Carlos Moreno: "Re: Reboot in output from "last":"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Tim Haynes <usenet@stirfried.vegetable.org.uk> Date: Thu, 24 Oct 2002 21:20:25 +0100
"Dan" <madman_dan@hotmail.com> writes:
>> /var/log/messages would be the first port of call - look for what happened
>> right before the reboot.
>
> Hmm, I see two of these in there:
>
> Oct 20 04:39:42 linuxserve rpc.statd[761]: gethostbyname error for
> ^X÷ÿ¿^X÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hn\220\220\
> 220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
[snip]
AAAaaaaaaaaaaaaaaaargh!!!!!!
> Errm, looks dubious, but clearly not related to the reboot. anyway i
> think i've convinced myself that it was a power outage!
That's an interesting conclusion. Someone attempts to exploit rpc.statd
(which you seem to have running dangling its goolies in the wind for all to
kick at) and somehow you're *not* rooted to hell and back?!
Proceed directly to <http://www.chkrootkit.org/>, download and run. Do not
pass go. Do not collect $320.
~Tim
-- Can you tell me how to get, |piglet@stirfried.vegetable.org.uk How to get to Sesame Street? |http://spodzone.org.uk/
- Next message: Michael Vaughan: "Re: An unusual log entry"
- Previous message: Tim Haynes: "(no subject)"
- In reply to: Dan: "Re: Reboot in output from "last":"
- Next in thread: Dan: "Re: Reboot in output from "last":"
- Reply: Dan: "Re: Reboot in output from "last":"
- Reply: Carlos Moreno: "Re: Reboot in output from "last":"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
