Heh, thats actually kind of cool. Anyways, could it be possible that
your net traffic is being diverted to the syslog/udp port? Maybe
someone is spraying your syslog port for kicks? Is syslogd running with
remote reception? Any strange kernel modules?
mIV wrote:
>
> OK, there's RH 6.1 on 2.2.13. Let's take a look at /var/log/messages:
>
> Dec 2 13:28:48 pentium kernel: age....
> Dec 2 13:28:55 pentium kernel: 65 lated me
> Dec 2 13:28:58 pentium kernel: 6C original
> Dec 2 13:28:58 pentium kernel: ine as
> Dec 2 13:29:07 pentium kernel: age....
> Dec 2 13:29:14 pentium kernel: ge....-
> Dec 11 14:21:46 pentium kernel: 20 ...This
> Dec 11 14:22:49 pentium kernel: 3em te=B
> Dec 11 14:22:53 pentium kernel: 4B , ze ACK
>
> and so on ... Do you know where are these strings from ? I'll tell ya.
> It's all from my mail fetched by fetchmail (via PPP). OK, these were
> strings but we have also sth like this:
>
> Dec 13 22:24:38 pentium kernel: 40 21 4C BB F4 6F 5F DD @!L..o_.
> Dec 13 22:24:39 pentium kernel: C4 41 74 3F BD 54 47 B9 .At?.TG.
>
> These in turn look like some kind of binary dump. Apparently not only mail
> fragments land in my logs. It seems that entire net traffic is affected.
> There's no need for sniffer in this case ;)
>
> That's not good when some net packets are dumped to system logs, is it ?
> Is it a bug ? If so, is it known to kernel developers ?
>
> greetz,
> ______________________________________________________
> mIV
> email:marcel_at_linux.com.pl, m_at_sh.pl
> "When freedom is outlawed, only outlaws will be free."
> ------------------------------------------------------
Received on Dec 30 1999
Intro
