Guys, your problem descriptions lack a simple detail: The kernel version.
Sven Michels wrote:
alter ego wrote:
My Linux box (SuSE 7.1, X, harden_suse) did strange things this morning and I wonder if there are some likely explanations or if this could be an attack:
- while opening a large mail (about 245 K) with the Netscape Mail Client, Netscape stopped responding to user input (window was not repainted as well) - I tried switching to an open X-Term, but was not able to move the focus to that window - Switched to another console, logged in and tried killing the netscape process -> console ceased accepting input - Logged in remotely via ssh, which at first worked, but behaved weirdly (keystrokes were not displayed until the next key pressed) - then ssh ceased accepting input as well - switched the box off (Painful) and rebooted and everything worked - checked the log files (also firewall logs - I am behind a corporate FW), but could not find anything
While this might not be a security related problem I'd appreciate any hints/tips/advice from the experts here.
Did you test to open the mail again after the reboot? maybe its some mad code in it? Netscape also has many memleaks .. maybe you've just read the mail on the wrong day for netscape [;)] i would check the mail for some mad code. did you see the load of the maschine?
I have had this happen several (at least 30-40 times over the past 3 weeks) times. It happens with either Netscape (reading mail or viewing a page) or RealPlayer. Nothing ever gets written to the log (or on console 10) to help point out the problem and when I read the e-mail after a rather painful reboot or return to the web page, no problem whatsoever. This rebooting thing was the main reason I stopped using Windows in 1994. I am very interested in solving this problem, but I have no idea where to begin to look. My guess is that this is security related as there is undoubtedly a memory leak somewhere, and where there is a memory leak, there is an exploit waiting to happen.
Any help would be greatly appreciated!!!!!!
Dave H
System: Intel PIII 733 MHz (SMP, but only one processor installed) multiple PCI buses (2) matrox G400 dual head SuSE 7.1 with harden_suse reiser_fs on /, ext2 on /boot netscape6 and realplayer8 also cannot do a ps after netscape or realplayer hang
PS Sorry Sven for sending this straight to you. I had intended to send this to the list. Not enough coffee yet this morning ;^)
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -