[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Suspicious behavior: cracked or just a dying machine?

did u try memtest?
I had really wierd behaviour and memory was _totally_ broken... I still wonder how the hell it managed to boot... 
replacing memory did the magic

At 11:49 a.m. 15/08/01 -0400, Andrew Perrin wrote:

Folks-

I just logged in (from work) to my home machine to copy a file I
needed. It's behaving very weirdly, and I'd love some advice as to whether
you think I've been cracked or it's likely just a hardware issue. I'd
strongly prefer not to shutdown remotely, but will do so rather than
waiting until I get home tonight if y'all think that's what's appropriate.

The machine is a (rather old) Pentium 200, 92MB RAM, with lots of stuff
plugged in(nVidia graphics, Adaptec SCSI running a CD-ROM and a Zip drive,
and four IDE hard drives of various sizes).  It's running deiban 2.2r3,
kernel 2.2.19pre17 with all current patches.

Here's what's happening:
1.) There's nobody doing anything on the machine, and yet I get the
following load averages:
 11:43am  up 6 days, 22:06,  6 users,  load average: 1.42, 1.50, 1.31

2.) top segfaults:
nujoma:~> top
Segmentation fault

3.) man doesn't work:
nujoma:~> man ps
/usr/bin/man: Input/output error.

4.) scp fails:
nujoma:~> scp paychecks.sdc geingob:
scp: error in loading shared libraries: libz.so.1: cannot open shared
object file: Permission denied

5.) Can't write my / filesystem (/home):
nujoma:~> touch foo
touch: foo: Read-only file system

However, mount shows it as rw:
nujoma:~> mount
/dev/hdb3 on / type ext2 (rw,errors=remount-ro,errors=remount-ro)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hdd1 on /src2 type vfat (rw,umask=0000)
/dev/hdd3 on /share type ext2 (rw)
/dev/hdb1 on /rosa type vfat (rw,umask=0000)
/dev/hdc1 on /theodor type vfat (rw,umask=0000)
/dev/hda3 on /karl type ntfs (rw,umask=0000)
AFS on /afs type afs (rw)
//jacobi/cousins on /mnt/cousins type smbfs (0)

6.) shutdown -r also segfaulted, so I can't reboot remotely.

I don't see anything suspicious in the logs, with the exception of the
following that I seem to get at least once a day:

Aug 14 17:38:43 nujoma /sbin/rpc.statd[257]: gethostbyname error for
^X<F7><FF>
<BF>^X<F7><FF><BF>^Y<F7><FF><BF>^Y<F7><FF><BF>^Z<F7><FF><BF>^Z<F7><FF><BF>^[<F7>
<FF><BF>^[<F7><FF><BF>%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
Aug 14 17:38:43 nujoma
<C7>^F/bin<C7>F^D/shA0<C0>\210F^G\211v^L\215V^P\215N^L\21
1<F3><B0>^K<CD>\200<B0>^A<CD>\200<E8>\177<FF><FF><FF>

Thanks for any advice.

----------------------------------------------------------------------
Andrew J Perrin - andrew_perrin@unc.edu - http://www.unc.edu/~aperrin
 Assistant Professor of Sociology, U of North Carolina, Chapel Hill
      269 Hamilton Hall, CB#3210, Chapel Hill, NC 27599-3210 USA



--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: