On 6/30/05, Dave Beckstrom <[EMAIL PROTECTED]> wrote: > Eric, > > I haven't posted that information because we haven't ascertained yet that > the problem lies with my system.
Well considering that this doesn't appear to be happening to ANYONE ELSE, I'd say that's good enough reason for you to AT LEAST provide network traffic logs of the times when the system crashes. > > The first rule of troubleshooting, when something has worked flawlessly for > a long time, is to ask yourself "what changed?" My system ran a year > without a hiccup. Suddenly this problems starts and nothing has changed in > my configuration. > > I more or less assumed there was probably some kind of DOS attack happening. Assumption without any type of basis is VERY BAD. An experienced person would know this, and either provided network traffic logs to show why he/she made the assumption, or would have included all the information neccessary for others to come to this assumption (or show why it's wrong). > The reason I tried a few versions of BSD as a solution is because I can > install a version and have it running in about 30 minutes. There was a very > good chance that something in one version might be different enough than > another version that it might take care of the problem without a lot of > research and debugging. I also tried some changes to my packet filter but > later discovered that I could turn packet filtering off and the problem > still happened. So its not the ruleset. However, if it's a DOS issue > adding a rule might solve the problem too. > > So before I spend any more time trying to "fix" something which might not be > broken I wanted to find out if anyone had heard anything or experienced > anything which might confirm the problem is originating outside my network. > > Make sense? No one has asked you to fix anything, just to provide them with neccessary information to debug a seemingly core issue. If this is indeed a DOS on the IP stack of OpenBSD, it's very core, and should be addressed as quickly as possible. Too bad you havn't given anyone enough information to help out. > > I once spent 2 days trying to fix a windows server and I was so intent on > fixing it that I never looked around elsewhere. Turns out a worm was This is why you need to look at ALL THE INFORMATION before deciding what the issue is. Too bad we can't do this. You must not want this issue solved. > attacking SQL servers and a patch from Microsoft that took 5 minutes to > apply fixed it. How did I hear about the worm? A friend called me. Had I > been smart and started with the simple things first, like a question or > reading about current security issues, I'd not have wasted those two days. > > If everyone else is good and there are no bulletins or similar problems > happening elsewhere and the problem starts looking like my system I will > continue working on it. > > I just thought it wise to poke my head out of the box for a minute and look > around. :) > I VERY strongly suggest reading (or re-reading) http://www.openbsd.org/mail.html and especially the part about INCLUDING IMPORTANT INFORMATION. The OpenBSD mailing list webpage even says that it's better to include too much information than too little. Please don't flame me offlist either, as it really accomplishes nothing, except annoying me.
