OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Matteo Cavalleri (shiva.brahma_at_inwind.it)
Date: Tue Jan 28 2003 - 15:15:57 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    today i had a lot of email from cron with an error message from my
    script that check my internet connection. the message was:

    ping: sendto: No buffer space available

    i had a similar error from named about in the same time interval. so i
    googled a bit but all i found was about some possible DoS.

    i also found that one of my pptp processes died (even if i'm not sure
    when it died) so can i suppose i really had a DoS? (i was not at home
    when it might have happened).

    anyway since today i had again the problem i described a couple of days
    ago (my lan not working) i also checked some things using the paper
    "running and tuning openbsd etc" as a reference (btw it seems the lan
    problem is just the ethernet cable or the nic connector giving some
    trouble)

    this is what i found:

    $ netstat -f inet
    Active Internet connections
    Proto Recv-Q Send-Q Local Address Foreign Address (state)
    tcp 0 0 meshuggah.ssh opeth.1058 ESTABLISHED
    tcp 0 0 cerbero.19568 caronte.pptp ESTABLISHED
    tcp 0 0 meshuggah.8080 *.* LISTEN
    tcp 0 0 meshuggah.nut meshuggah.17449 ESTABLISHED
    tcp 0 0 meshuggah.17449 meshuggah.nut ESTABLISHED
    Active Internet connections
    Proto Recv-Q Send-Q Local Address Foreign Address (state)
    udp 0 0 localhost.48661 localhost.48661
    udp 0 0 meshuggah.netbios- *.*
    udp 0 0 meshuggah.netbios- *.*
    udp 0 0 cerbero.domain *.*
    udp 0 0 meshuggah.domain *.*
    udp 0 0 localhost.domain *.*
    $ netstat -m
    143 mbufs in use:
            130 mbufs allocated to data
            5 mbufs allocated to packet headers
            8 mbufs allocated to socket names and addresses
    130/162 mapped pages in use
    420 Kbytes allocated to network (70% in use)
    0 requests for memory denied
    0 requests for memory delayed
    0 calls to protocol drain routines

    $ vmstat
     procs memory page disks faults cpu
     r b w avm fre flt re pi po fr sr wd0 wd1 in sy cs us sy id
     010 0 41308 32416 11 0 0 0 0 0 1 0 281 278 79 0 1 99

    if i understood what i read in the paper it seems there are some
    processes slowed by too many interrupts, and given the fact that i have
    no queue on the internet side, i suppose there's something going wrong
    on the lan nic, and since the problem i had with my lan was, as i said,
    either the cable or the nic connector, can i assume that the nic on the
    lan side is probably faulty? (it's an intel etherexpress btw, but is
    also quite old)

    TIA 

    -- 

        Shiva

      "Better true to yourself
Than a perfect shadow
       Of somebody else
     An empty shell"

    (MrBig, My new religion)