[ale] remote investigation
John Wells
jwells at secureworks.com
Tue Sep 2 08:37:10 EDT 2003
Guys,

Came back from the Labor Day holiday and my mail server/web server is acting
rather odd.

Services respond rather slowly, and sometimes not at all. When services
stop responding, I can still hit the router, so I know it has to be the
server itself.

I'm currently logged in remotely and everything seems good, if not slow, but
I expect it to freeze soon (it has a few times in the last hour or so).
When it freezes, I can usually get a response after about 20 minutes or so.

The odd thing is, when services do "freeze" up, I can still telnet to a port
on the machine, like 25 for smtp, and get a connection. However, the SMTP
server fails to respond and I just sit there.

I guess I'm kind of at a loss as to what sort of investigation I can do
remotely. I suppose the best way to see what's going on is to attempt to
repeat the problem from home with a monitor connected and to see if it's
actually doing anything during these timeouts, but I'd like to come home
armed with any equipment that might be required.

Anyone had a similar experience in the past? Does this sound like a
possible bad NIC/harddrive/etc? My first thought was that the box may have
been compromised, but it'd be a weird attack to let someone in every few
minutes or so. Netstat doesn't show anything unusual going on when I'm in,
at least.

Any tests I could run against NIC/harddrive/etc to check for malfunctioning
hardware?

Thanks for humoring the grasping at straws. I'm frustrated, and clear
thought is not currently an option... ;-)

John