Security Incidents mailing list archives
RE: exploit or human
From: <andrew2 () one net>
Date: Tue, 29 Mar 2005 12:56:43 -0500
Are you up to date on the RedHat Kernel? I seem to recall there being a kernel bug in RedHat 7.3 for ext3 filesystems that was resolved with an updated kernel ~2 years ago. Andrew Cristian Stanca wrote:
Hello, We've got a hard disk failure (bad blocks - reported the array controller bios) on a scsi hard-disk on an INTEL platform (running Fedora Core 2 Linux operating system). What is interesting is that this hard-disk failure occurred after a "I don't know what it is... let's reboot it and see after that" situation. Situation describe by many "segmentation fault" when using typical application like vi or service or even grub-install. Grub did not start again after that (we tried to reinstall it with an Install CD 1 from Fedora and grub-install did said "segmentation fault" again) We did recover the data on that scsi hard-drive by mounting it on another machine. So far so good (sort of) After a week or so, another Linux server, began to show the same errors while giving shell commands and also sshd listened on port 22 we cannot do a ssh on it. We did not make the connection to the previous case (as we thought was a possible hardware failure), reboot it and grub did not start. We boot again with an install CD from redhat 7.3 (as we had redhat 7.3 installed on that hard-disk, and thought if any files are missing...), the hard-disk was recognized by controller (again scsi hard-disk), fdisk view the partitions, and cannot this time mount them. (As I write this the "much more important data that hardware" hard-disk is at a computer service, for data recovery. Again, on a third Linux server (redhat 7.3) we got some messages at the primary console (kernel BUG commit.c #some number, lots of stack text and hexa symbols...) and again can't do ssh on it (it responds to ping and traceroute, telnet ip_address port 22 works...). We are kind of worried regarding the reboot of this machine... Could that be a worm, exploit or something, or looks like a human intervention situation?! In the mean time, we are working at a firewall and password policies.
Current thread:
- exploit or human Cristian Stanca (Mar 29)
- RE: exploit or human andrew2 (Mar 29)
- Re: exploit or human Kevin Reardon (Mar 30)
- Re: exploit or human Tim (Mar 30)
- Re: exploit or human Valentin Avram (Mar 30)
- Re: exploit or human Victor Calzado (Mar 31)
- Re: exploit or human Eduardo Kienetz (Mar 31)
- Re: exploit or human Juri Haberland (Mar 31)
- Re: exploit or human Victor Calzado (Mar 31)
- Re: exploit or human Ben Nelson (Mar 30)
- RE: exploit or human andrew2 (Mar 29)