[ProgSoc] Black box question

jedd jedd at progsoc.org
Thu Feb 3 05:53:04 EST 2011


 Hello peoples,

 Here's the scenario - I have a Debian box that I can't speak
 to at the moment, and it's on the other side of the planet, with
 no convenient option to get someone who knows what they're
 doing near it.  My sister is near it, but is proof positive that
 geekiness is very much a recessive gene.

 Happy to take ideas on what might be wrong, and what other steps
 I could do to narrow in on the problem.

 Background ..  'nothing was changed', the old mantra, but in this
 case accurate.  About two months ago the RAID5 array was degraded,
 but I'm not too fussed as I have all that data backed up.  About 3
 weeks ago I lost SSH and HTTP access to the box.  I was occasionally
 able to get SSH into the thing, but rarely, and never usefully (the
 two times I did, I'd been trying repeatedly, and flicked to another
 screen, coming back to see the server's prompt and a timeout message).

 It's fronted by a netgear ADSL that does incoming NAT on 22, 80, 9418
 and I've proved that out of the equation by having the NAT redirect to
 my sister's desktop for port 22 - and that works fine.  Inside the LAN
 I can ping the server, but can't SSH / HTTP to it from there, either.

 Local console access is working fine to the server, and I've got my
 sister to run a couple of obvious things -- top and df -- and she
 reports back that load average is very low, there's plenty of free
 disk, heaviest task is using <5% CPU (a vmware-server instance)
 and this changes periodically with a couple of other tasks (top,
 the other vmware-server instance, etc).  She's also restarted the
 machine, with no change in symptoms.

 NFS from the server to the desktop computer is also failing.

 I don't think it's anything too malign as network usage (via the ISP's
 UI) suggests nothing of substance, and a naive belief that most
 rootkits try to hide the fact they're there - not take out git, http,
 nfs, and ssh at the same time.

 Best guess gets a hug in April.*

 Jedd.



 * Any promises pertaining to hugs may not be honoured.



More information about the Progsoc mailing list