Date: Tue Jul 02 2002 - 04:21:09 CDT
I have a SuSE 7.3 box here, and after updating sshd via YOU, something
weird happened. It seemed so weird to me that I decided to post it here.
The 7.3 box is a firewall, it links three separate networks to the
internet. My home LAN is one of these networks, I have to add. Now that I
updated the box, it locked up pretty soon with an Oops message. I restarted
it and it seemed to work fine. Therefore, I went home after a while and got
a bit on IRC and texted wif some of my friends when suddenly my session
Well, the uplink to the ISP is kinda "OEM" ADSL, it is provided by our
national telco to the ISP, which in turn resells the connection to us, thus
the ISP doesn't have to run lines down to every building in the country. So
far so good, this line is quite the crap when compared to a real leased
line, it goes down a lot for short moments etc; they blame it on capacity
problems. Thus I thought the line would be just down due to "normal
behaviour" and come back up after a short while.
But this wasn't so. The line was down, and it didn't look like it would come
back up by itself.
So I went to my other connection (cable) and tried to ping the traceroute
to my inner firewall. The result was that the packets stopped at mentioned
suse 7.3 box. Therefore I tried to ping the machine, to no avail. I also
tried logging in via SSH, that didn't work either. So I assumed that the box
would simply have Oops'd again. I couldn't login to it, neither from my LAN
side, nor from the internet side, and it didn't even reply to pings.
I noticed, while being on the computer with the cable connection, that I
was still logged in to my webserver box, that is attached to the same LAN
as my workstation is (where I irc'd from)! Now what the fsck?? It was
definitely responsive, I could type commands and it gave me output. So I
tried to establish another SSH session, which wouldn't work either!
Now, as if this weren't strange enough, I logged in to the inner firewall
from the webserver box, also via ssh, and tried to login to said suse 7.3
firewall from the inner firewall (which has a connection to the suse 7.3
firewall via SDSL). And that worked. The box that didn't reply to pings, nor
route my traffic from the LAN to the internet or vice versa, it gave me a
login prompt. So I logged on, and looked at logs, but there was nothing
unusual, no suspicious messages or anything. I looked at route -n and also
at netstat -a and nothing appeared to be wrong. So I did rcnetwork restart.
And all of a sudden, my connectivity was restored, IRC reconnected etc.
Very very very very weird.
I might add that such things never happened before I updated sshd.
/v\ L I N U X
// \\ >I know KungFu!!<