Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] Attack or not?
  • From: "Erwin Zierler - stubainet.at" <erwin.zierler@xxxxxxxxxxxx>
  • Date: Sun, 30 Dec 2001 13:05:35 +0100
  • Message-id: <3C2F030F.2000804@xxxxxxxxxxxx>
John Trickey wrote:

Hi,


Dec 28 09:21:10 server -- MARK -- ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@
[many many more of this] ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@
Dec 28 14:34:46 server syslogd 1.3-3: restart.


Snip


reboot system boot 2.2.16 Fri Dec 28 14:34 (1+20:48)
reboot system boot 2.2.16 Fri Dec 28 11:56 (1+23:26)


Snip


Anyway, I wonderd if anyone has seen something similar yet and if I have to worry.


The ^@(ASCII 00)'s are not unusual in a system crash however there are
questions to be asked. Start with "what happened to the reboot at 11:56?
Why no syslog entry?". Also look for physical causes. Power
failure/glitch. Any other equipment affected?

HTH
John


Problem is that this place is closed and I cannot contact anyone right
now. At the moment I tend to think it was a 'normal' system crash i.e.
someone hitting the reset button (probably trying to turn on the
machine when it was actually running - yes my users do that...).
All further investigation so far has not yielded any more suspicious
results so I will contact the people on Jan 2nd.
Thanks everyone for your input!
Erwin


< Previous Next >
References