Security Incidents mailing list archives

incident


From: Silvex Security Team <security () ns1 silvex com>
Date: Wed, 17 Oct 2001 15:11:03 -0700 (PDT)


A Sun E6500 had a problem with one of the system boards. After replacing the board the system was pretty unstable. Some things will work but others will not:

1) Telnet to the machine would not work, but from the machine to others will.
2) ftp worked in/out
3) CDE will not come up.
4) netstat -r will hang
5) lsof will hang 
6) ps -ef will start but hang.
7) modinfo will start but hang at the end.

I did find the /etc/hosts file truncated and the /etc/defaultrouter was 
missing. After fixing this nothing changed. I checked /etc/nsswitch.com, 
/etc/defaultrouter, ifconfig -a, and everything was in place. I ran chkrootkit
and found nothing on the system. The RC3 scripts never finished so we were 
in between level2 and level3.

Would this be the behavior of a compromised machine?
If that was the cause, how was it made to happen?

This machine is in a secure area -- not military -- and only production support
folks have access to it -- DBAs and SAs. SAs have root password, but not DBAs.



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

