> Message from sysl...@server2 at Tue Aug 10 15:41:33 2010 ...
> server2 kernel: Stack: dfb41f64 00000000 00000000 00000000 00000000
>
> Message from sysl...@server2 at Tue Aug 10 15:41:33 2010 ...
> server2 kernel: Call Trace:
>
> Message from sysl...@server2 at Tue Aug 10 15:41:33 2010 ...
> server2 kernel: Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 89 d0 52
> ff d3 <00> 00 00 a0 ff 53 4d 42 32 00 00 00 8b 40 0c c3 ff 05 08 d0 34
>
> Message from sysl...@server2 at Tue Aug 10 15:41:33 2010 ...
> server2 kernel: EIP: [<c0101005>] kernel_thread_helper+0x5/0xb SS:ESP
> 0068:dfa05fec

Uh... yeah, that would make me very nervous as well. Why? Because of all of those "90" bytes. Maybe it's something completely unrelated, but when attackers craft buffer overflow exploits, it's common to use a "NOP" sled to give them fudge factor on offsets. NOP on x86 is 0x90.

As others have asked, is this connected to the Internet? What services are exposed? You might want to get a full packet capture of your network traffic while this error pops up. Contact me off list if you like.

tim
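
A triage sketch for the pattern the reply points at, added here as an example (it is not part of the original message): it parses kernel oops `Code:` lines and reports long runs of 0x90 together with the offset of the faulting byte. The function names, the threshold and the sample log are assumptions made for the example; 0x90 is also used as ordinary alignment padding between functions, so a hit is a reason to look closer rather than proof of a sled.

```python
import re

NOP = 0x90      # single-byte x86 NOP, the value the reply points at
MIN_RUN = 16    # assumed triage threshold, tune it for your own logs

# Constructed sample: the "Code:" bytes of the oops quoted above re-joined on
# one line, followed by a constructed ordinary-looking line for contrast.
SAMPLE_LOG = (
    "server2 kernel: Code: " + "90 " * 38 +
    "89 d0 52 ff d3 <00> 00 00 a0 ff 53 4d 42 32 00 00 00 8b 40 0c c3 ff 05 08 d0 34\n"
    "server2 kernel: Code: 55 89 e5 83 ec 08 8b 45 08 <8b> 00 c9 c3 90 90 90\n"
)

CODE_LINE = re.compile(r"kernel: Code:\s*(.+)$")
TOKEN = re.compile(r"^<?([0-9a-fA-F]{2})>?$")

def parse_code_line(line):
    """Return (code_bytes, fault_offset) for one oops 'Code:' line, or None."""
    m = CODE_LINE.search(line)
    if not m:
        return None
    data, fault = bytearray(), None
    for tok in m.group(1).split():
        t = TOKEN.match(tok)
        if not t:
            return None          # wrapped or truncated line: do not guess
        if tok.startswith("<"):
            fault = len(data)    # <xx> marks the byte at the faulting EIP
        data.append(int(t.group(1), 16))
    return bytes(data), fault

def longest_run(data, value=NOP):
    """Return (start, length) of the longest run of `value` in data."""
    pattern = re.escape(bytes([value])) + b"+"
    runs = [(m.start(), len(m.group())) for m in re.finditer(pattern, data)]
    return max(runs, key=lambda r: r[1], default=(0, 0))

def triage(log_text, min_run=MIN_RUN):
    """List every 'Code:' line whose longest 0x90 run reaches min_run bytes."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_code_line(line)
        if parsed is None:
            continue
        data, fault = parsed
        start, length = longest_run(data)
        if length >= min_run:
            findings.append({"run_start": start, "run_len": length,
                             "fault_offset": fault,
                             "after_run": data[start + length:].hex(" ")})
    return findings
```

Syslog wraps long `Code:` lines, so re-join the continuation lines before feeding them in; the parser rejects a wrapped line rather than guessing at it.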
