[ProgSoc] Black box question
jedd at progsoc.org
Thu Feb 3 05:53:04 EST 2011
Here's the scenario - I have a Debian box that I can't speak
to at the moment, and it's on the other side of the planet, with
no convenient option to get someone who knows what they're
doing near it. My sister is near it, but is proof positive that
geekiness is very much a recessive gene.
Happy to take ideas on what might be wrong, and what other steps
I could do to narrow in on the problem.
Background .. 'nothing was changed', the old mantra, but in this
case accurate. About two months ago the RAID5 array was degraded,
but I'm not too fussed as I have all that data backed up. About 3
weeks ago I lost SSH and HTTP access to the box. I was occasionally
able to get SSH into the thing, but rarely, and never usefully (the
two times I did, I'd been trying repeatedly, and flicked to another
screen, coming back to see the server's prompt and a timeout message).
It's fronted by a netgear ADSL that does incoming NAT on 22, 80, 9418
and I've proved that out of the equation by having the NAT redirect to
my sister's desktop for port 22 - and that works fine. Inside the LAN
I can ping the server, but can't SSH / HTTP to it from there, either.
Local console access is working fine to the server, and I've got my
sister to run a couple of obvious things -- top and df -- and she
reports back that load average is very low, there's plenty of free
disk, heaviest task is using <5% CPU (a vmware-server instance)
and this changes periodically with a couple of other tasks (top,
the other vmware-server instance, etc). She's also restarted the
machine, with no change in symptoms.
NFS from the server to the desktop computer is also failing.
I don't think it's anything too malign as network usage (via the ISP's
UI) suggests nothing of substance, and a naive belief that most
rootkits try to hide the fact they're there - not take out git, http,
nfs, and ssh at the same time.
Best guess gets a hug in April.*
* Any promises pertaining to hugs may not be honoured.
More information about the Progsoc