[ale] hacker or bad karma

Carl Forsell cforsell at roman.net
Thu Aug 24 22:26:55 EDT 2000


Level of severity:  Business at risk if not resolved soon

Ladies and Gentlemen,
I need your help.  We are an ISP, and have lost most of our tech staff in
the past couple of months, and although I have 10 years in Novell Admin,
this is a whole new world to me.  Here is the problem...

Starting last week, we have been having problems with connectivity.  At
first, all of our dial up lines connect to abd.abc.abc.XXX ip's.  When an
outage would hit, we could go to a machine that is on an xyz.xyz.xyz.xxx ip
address, go to the outside world and do a reverse traceroute.  We could see
the route hit BellSouth (henceforth referred to as BS), come to us on one
T1, hit the router and go back to BS on the second T1, us, them, us, them
until it died.  Outages last minutes to hours.  During an outage, the lines
do not go down, but can get to the point of 70-100 B/sec (that is not a
typo) of throughput.

BS says it is our Cisco 3640 that is causing the problem... I don't think
so.  We had a consultant snapshot all config files about 2 months ago, then
redo it a few days ago.  The files had not changed.

The problem comes and goes randomly and lasts minutes to hours (2 minutes to
6 hours).  Resetting the interface cards for the T's and power cycling the
router have no effect.  During tonight's outage I telnet'd into the router
and it reported everything was fine.

My question... Is it possible that a former employee (several left with a
grudge) could in some way screw up the DNS on our router in a way that would
not show in the config files?  Are there any Linux Easter eggs or bombs that
could flood the router's tables with bogus data?  Any ideas???

(all passwords have been changed and are secure -  8-15 characters mixed
cases, alpha and numeric and punctuation)

We are monitoring the systems with "Big Brother" already.  Is there anything
else I could monitor that might help (any other software)???

PS:  5 minutes after tonight's outage one of the Linux boxes (SuSE 6.2) froze tight
as a drum.  Hitting the keyboard did revive the monitor, but no other signs
of life.  This box was formerly owned by one of the recently departed
employees...
