大家有空帮看一下是否可能受到攻击

quakelee

另外也有可能不是内核崩溃，我记得freebsd如果内核崩溃之后会自动重启的，可是系统挂住了没有自动重启，最后是叫机房的人手动重启的：（

kinux

原帖由 "quakelee" 发表：
   
all services I was running is in the first one,
I have checked the vsftpd's log but is okay.
before crashed it got about 480kb/s packet rate in 5 minutes, and after that the machine crashed.
..........

   

480Kb/s should be  higher, and i can sure you are being attack by udp, check you snmp are open to public..
Try to check there is any advisories on your system application software..

quakelee

原帖由 "kinux" 发表：
   

480Kb/s should be  higher, and i can sure you are being attack by udp, check you snmp are open to public..
Try to check there is any advisories on your system application software..

the snmp's port is opening
but it dosen't everyone can get the snmp pack, only a community for a ip is allowed. it can make machine down?

kinux

原帖由 "quakelee" 发表：

the snmp's port is opening
but it dosen't everyone can get the snmp pack, only a community for a ip is allowed. it can make machine down?

   
Not sure, but i know snmp is using udp packets, any other service using udp??
such as DNS, OpenSSH(Slapper on linux),     
use sockstat -4 and netstat -a
to find upd and datagram..to check you system..

take a look here
http://www.tisc2001.com/newsletters/324.html

i2era

看来像udp flood

quakelee

原帖由 "kinux" 发表：
   
Not sure, but i know snmp is using udp packets, any other service using udp??
such as DNS, OpenSSH(Slapper on linux),

   
-________________-

it has a DNS on it maybe is a bind8, I don't exactly now:(
because I just have a part of permit on that server
and a sshd

kinux

原帖由 "quakelee" 发表：
   
-________________-

it has a DNS on it maybe is a bind8, I don't exactly now
because I just have a part of permit on that server
and a sshd

   
Hey!!Hey!!! Don't use this face look at me, i just help to analise any possibilities happened on your system, the problem still need you to solve..with following link, take a look..
http://www.tisc2001.com/newsletters/324.html
also, you DNS runing BIND8, oh no, i have throw BIND aways long time..
take a look here about Bind
http://www.securityfocus.com/guest/17905

quakelee

原帖由 "kinux" 发表：
   
Hey!!Hey!!! Don't use this face look at me, i just help to analise any possibilities happened on your system, the problem still need you to solve..with following link, take a look..
http://www...........

   
no no It is not face to you
I just feel bad
the boss go out to swim and I am finding the bugs without full permition   

kinux

原帖由 "quakelee" 发表：
   
no no It is not face to you
I just feel bad
the boss go out to swim and I am finding the bugs without full permition   

   
haha!!! just stand there and look the system being attack and going to die...  
^_^!!

i2era

$dig @<victim_ip>; version.bind chaos txt | grep \"8