[ale] hacker or bad karma

Carl Forsell cforsell at roman.net
Fri Aug 25 09:36:03 EDT 2000


Thanks for the input.  Your thoughts are appreciated.

-----Original Message-----
From: Bao Ha <baoh at linuxwizardry.com>
To: ale at ale.org
To: Carl Forsell <cforsell at roman.net>; ale at ale.org <ale at ale.org>
Date: Friday, August 25, 2000 9:14 AM
Subject: RE: [ale] hacker or bad karma


>
>It looks like a routing problem!
>
>Are you running BGP4 on the 3640?  Look at the routing
>table to see what is going on.  It could be BellSouth
>has screwed up your routing.
>
>Also, check all of the Linux servers and disable routed
>or gated on them.  Point them to the default gateway on
>the 3640 to prevent them from broadcasting bad routing
>data.
>
>Good luck.
>Bao
>
>-----Original Message-----
>From: owner-ale at ale.org [mailto:owner-ale at ale.org]On Behalf Of Carl
>Forsell
>Sent: Thursday, August 24, 2000 10:27 PM
>To: ale at ale.org
>Subject: [ale] hacker or bad karma
>
>
>Level of severity:  Business at risk if not resolved soon
>
>Ladies and Gentlemen,
>I need your help.  We are an ISP, and have lost most of our tech staff in
>the past couple of months, and although I have 10 years in Novell Admin,
>this is a whole new world to me.  Here is the problem...
>
>Starting last week, we have been having problems with connectivity.  At
>first, all of our dial up lines connect to abd.abc.abc.XXX ip's.  When an
>outage would hit, we could go to a machine that is on an xyz.xyz.xyz.xxx ip
>address, go to the outside world and do a reverse traceroute.  We could see
>the route hit BellSouth (henceforth referred to as BS), come to us on one
>T1, hit the router and go back to BS on the second T1, us,them,us,them
>until it died.  Outages last minutes to hours.  During an outage, the lines
>do not go down, but can get to the point of 70 -100 B/sec (that is not a
>typo) of throughput.
>
>BS says it is our cisco 3640 that is causing the problem... I don't think
>so.  We had a consultant snapshot all config files about 2 months ago, then
>redo it a few days ago.  The files had not changed.
>
>The problem comes and goes randomly and lasts minutes to hours (2 minutes to
>6 hours).  Resetting the interface cards for the T's and power cycling the
>router have no effect.  During tonight's outage I telnet'd into the router
>and it reported everything was fine.
>
>My question... Is it possible that a former employee (several left with a
>grudge) could in some way screw up the DNS on our router in a way that would
>not show in the config files?  Are there any Linux easter eggs or bombs that
>could flood the router's tables with bogus data?  Any ideas???
>
>(all passwords have been changed and are secure -  8-15 characters mixed
>cases, alpha and numeric and punctuation)
>
>We are monitoring the systems with "Big Brother" already.  Is there anything
>else I could monitor that might help (any other software)???
>
>PS:  5 minutes after tonight's outage one of the Linux boxes (SuSE 6.2) froze tight
>as a drum.  Hitting the keyboard did revive the monitor, but no other signs
>of life.  This box was formerly owned by one of the recently departed
>employees...
>
>--
>To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
>body.
>

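The us,them,us,them pattern Carl saw in the reverse traceroute is the signature of a forwarding loop between the two T1s, which is what Bao's routing-table check is meant to surface. As an added example (not code from the thread), this Python script parses traceroute-style output and reports a hop sequence that recurs back-to-back at a fixed period; the hostnames and RFC 5737 addresses in the sample are constructed, not the networks from the post.

```python
import re

# Constructed sample (not from the thread): a reverse traceroute toward the ISP,
# showing the BellSouth <-> customer-router ping-pong described in the post.
# Hostnames and RFC 5737 documentation addresses are placeholders.
LOOPING_TRACE = """\
 1  gw.example.net (192.0.2.1)  0.5 ms  0.4 ms  0.4 ms
 2  bs-edge.example.com (198.51.100.1)  12.1 ms  12.0 ms  12.3 ms
 3  isp-3640.example.net (203.0.113.1)  20.2 ms  20.1 ms  20.4 ms
 4  bs-edge.example.com (198.51.100.1)  28.0 ms  27.9 ms  28.3 ms
 5  isp-3640.example.net (203.0.113.1)  36.3 ms  36.1 ms  36.6 ms
 6  bs-edge.example.com (198.51.100.1)  44.2 ms  44.0 ms  44.5 ms
 7  isp-3640.example.net (203.0.113.1)  52.1 ms  52.3 ms  52.2 ms
 8  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")             # "<hop>  <rest of line>"
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")  # first IPv4 on the line

def parse_hops(text):
    """Return [(hop_number, ipv4_or_None)] from traceroute-style output.
    A hop that only shows '* * *' yields None for its address."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        ip = IP_RE.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def find_loop(hops, min_repeats=2):
    """Look for a run of addresses that repeats back-to-back at a fixed period.
    Returns (first_hop_number, period, cycle) or None if the path is loop-free."""
    ips = [ip for _, ip in hops]
    for period in range(1, len(ips) // 2 + 1):
        for start in range(len(ips) - 2 * period + 1):
            cycle = ips[start:start + period]
            if None in cycle:          # unanswered hops cannot anchor a cycle
                continue
            reps = 1
            while ips[start + reps * period:start + (reps + 1) * period] == cycle:
                reps += 1
            if reps >= min_repeats:
                return hops[start][0], period, cycle
    return None

if __name__ == "__main__":
    print(find_loop(parse_hops(LOOPING_TRACE)))  # (2, 2, ['198.51.100.1', '203.0.113.1'])
```

Run it against a real traceroute captured during an outage to confirm the loop and to see which provider-side hop it starts at; a longer period than 2 indicates the loop is passing through distinct interfaces on each T1.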