[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] April fools day?
- Subject: [cobalt-security] April fools day?
- From: "Mark" <mark@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 2 Apr 2003 00:09:45 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Can anyone shed any light on this please?
Strange thing happened this morning at around 5am - monitors reported that my RAQ4 was not available for a short time. When I checked the logs, the date had changed from April 1st 2003 to June 5th 2005.
----snip----
Apr 1 04:45:07 ns proftpd[24521]: ns.mydomain.net (localhost[127.0.0.1]) - FTP session closed.
Jun 5 20:37:43 ns syslogd 1.3-3: restart.
----snip----
...then later (when the clock thought it was 5am again) it changed again???
Jun 6 04:37:45 ns named[407]: XSTATS 1118029065 1118000266 RR=443 RNXD=185 RFwdR=270 RDupR=0 RFail=4 RFErr=0 RErr=0 RAXFR=0 RLame=5 ROpts=0 SSysQ=259 SAns=1822 SFwdQ=106 SDupQ=13 SErr=0 RQ=1866 RIQ=0 RFwdQ=106 RDupQ=0 RTCP=138 SFwdR=270 SFail=0 SFErr=0 SNaAns=743 SNXD=202 RUQ=0 RURQ=0 RUXFR=0 RUUpd=1
Jun 14 03:37:25 ns syslogd 1.3-3: restart.
Jun 14 03:37:27 ns named[406]: starting (/etc/named.conf). named 8.2.3-REL Tue Sep 18 12:35:18 PDT 2001 ^Iroot@xxxxxxxxxxxxxxx:/home/redhat/BUILD/bind-8.2.3/src/bin/named
...annoyingly, this makes a mess of the timestamps, stops cron working etc.
chkrootkit says everything is clear - and otherwise the server seems fine.
Any ideas anyone?
TIA
Mark Remde