Security Basics mailing list archives

Re: System Monitor

From: Gabriel Orozco <gabriel_orozco () mx sumida com>
Date: Mon, 30 Jan 2006 14:46:37 -0600


Hello Again

from another system on the network, also with Debian over ultrasparchardware, we took the notice that is taking about 50% for irq.

this leaded me to check and I think I found the cause of the problem:

 PID USER     PRI  NI  VIRT   RES   SHR S CPU% MEM%   TIME+  Command
   3 root      18  19     0     0     0 S  0.0  0.0  0:00.00 ksoftirqd_CPU0

I think this process is the cause, and just noted that. Need to researchin order to understand what happens with Linux over Sparc hardware forthis to happend.


but IMHO this is a kind of "DoS" self-made...

More to follow,
in the mean time, thanks for all your answers

Gabriel

Hello Every buddy

I'm checking another computer on the network. thats has an stranger
behavior. Let me explain

This is a Linux/Debian computer installed some 9 days ago. Assigned user
want to run Moodle on it.
But they called me asking why with 40 users the server went to top
processor and memory.
Hardware is a Sun-Ultra, with 2GB of RAM, and plenty of scsi disk space...

The problem:
when I run "top" I have between 43% to 52% of processor used by "Sys"
(System Tasks)
and I cannot identify what is taking these process power.
top does not give anything using the system
nothing is being transfered (checked with iptraf)
no disk usage (using iostat)
no root kits, checked with ckrootkit some minutes ago
no programs listening, checked with netstat

I don't know which tool can help me to find the problem.
I know there should be one and am surfing freshmeat.net, but I can
happily accept any help you can give

Thanks in advance

Gabriel Orozco

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree

customizations including Emergency Management, Business ContinuityPlanning,

Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus

---------------------------------------------------------------------------ForwardSourceID:NT0000789E

Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or 
privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing 
or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you 
have received this communication in error, please notify us by reply e-mail or telephone and immediately and 
permanently delete the message and any attachments. Thank you

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

System Monitor Gabriel Orozco (Jan 28)
- Re: System Monitor FocusHacks (Jan 30)
- Re: System Monitor xyberpix (Jan 30)
- Re: System Monitor Matt Alexander (Jan 31)
- Re: System Monitor ilaiy (Jan 31)
- <Possible follow-ups>
- Re: System Monitor Gabriel Orozco (Jan 30)