Solaris 2.6 in.telnet/ftp strange behavior


I've been running Solaris 2.6 servers for years now and haven't done
any patches for at least 4 years because the servers have been totally
stable.  In the last week however, in.telnet and in.ftp have died sort
of randomly on all 5 of my servers...and when I reboot telnet and ftp
run for about 10 minutes, then die again sort of randomly.  Seems to
be sort of random.  All of my 2.6 servers are doing this now and a
reboot fixes the problem for only a short time.

There's nothing in the messages or error logs and each of the 5
systems is running different apps, so nothing common I can think
of.

I probably should mention that I have several other Unix servers
running Solaris 2.7 and 2.8, however none of those have the problem.
It's very suspicious, however nothing malicious has happened.

I've also rebooted and watched the system for a while while running
netstat in another window, but I never see any connections come into
the system or anyone login.

It's really odd because there is simply no trace of what could be
killing telnet and ftp...

Anyone have a clue where I can look for this?

If you have any ideas, please reply and/or write to
tdenham@airnetcom.com.

0
Reply tdenham735 (37) 3/1/2007 12:05:54 AM

On Mar 1, 12:05 am, tdenham...@gmail.com wrote:
> I've been running Solaris 2.6 servers for years now and haven't done
> any patches for at least 4 years because the servers have been totally
> stable.  In the last week however, in.telnet and in.ftp have died sort
> of randomly on all 5 of my servers...and when I reboot telnet and ftp
> run for about 10 minutes, then die again sort of randomly.  Seems to
> be sort of random.  All of my 2.6 servers are doing this now and a
> reboot fixes the problem for only a short time.
>

I wonder if something is trying to exploit the Solaris 10 telnet
vulnerability and causing these to die?  There is a known worm, I
think.  Are there lots of attempted telnet connections?

0
Reply Tim 3/1/2007 12:21:47 PM


On Mar 1, 7:21 am, "Tim Bradshaw" <tfb+goo...@tfeb.org> wrote:
> On Mar 1, 12:05 am, tdenham...@gmail.com wrote:
>
> > I've been running Solaris 2.6 servers for years now and haven't done
> > any patches for at least 4 years because the servers have been totally
> > stable.  In the last week however, in.telnet and in.ftp have died sort
> > of randomly on all 5 of my servers...and when I reboot telnet and ftp
> > run for about 10 minutes, then die again sort of randomly.  Seems to
> > be sort of random.  All of my 2.6 servers are doing this now and a
> > reboot fixes the problem for only a short time.
>
> I wonder if something is trying to exploit the Solaris 10 telnet
> vulnerability and causing these to die?  There is a known worm, I
> think.  Are there lots of attempted telnet connections?


Running snoop does not show a lot of attempts...the strange thing
is...why only Solaris 2.6???  The others are just fine???

0
Reply tdenham735 3/1/2007 1:19:24 PM

On Mar 1, 1:19 pm, tdenham...@gmail.com wrote:

> Running snoop does not show a lot of attempts...the strange thing
> is...why only Solaris 2.6???  The others are just fine???

Well, I was thinking that maybe the 2.6 one dies, but the later ones
(until 10) are immune to even that.

Another thing to do which I just thought of would be to truss the
daemon, though it's often pretty hard to find out what happened from
truss traces, and you'll have the usual `stupid amount of output'
problem. I suspect if you could see that it had just accepted (or
rejected) a connection when it fell over that might be informative.

DTrace is what you really need :-)

--tim

0
Reply Tim 3/1/2007 2:15:09 PM
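
One way to cut a truss trace down to the moment a daemon falls over and the last connection accepted before it, as an added example that is not part of the original thread. It assumes the services are started from inetd, so inetd is traced with children followed; the trace lines are constructed in `truss -f` style, and the function names, PIDs and output path are hypothetical.

```shell
#!/bin/sh
# Capture on the affected host (comment only; the PID is a placeholder):
#   truss -f -o /var/tmp/inetd.truss -p <inetd-pid>
# -f follows forked children, -o writes to a file, -p attaches to a running process.

# filter_truss: for every "process killed" line, print that line, the last
# signal the same PID received, and the most recent accept() seen in the trace.
# Line numbers refer to the full trace so the surrounding calls can be looked up.
filter_truss() {
    awk '
        /accept\(/        { acc = NR ": " $0 }       # latest accepted connection
        /Received signal/ { sig[$1] = NR ": " $0 }   # latest signal, keyed by PID field
        /process killed/  {
            print "killed:      " NR ": " $0
            if ($1 in sig) print "signal:      " sig[$1]
            if (acc != "") print "last accept: " acc
        }
    ' "$@"
}

# sample_trace: constructed trace, not output from a real system.
sample_trace() {
    cat <<'EOF'
215:    poll(0xEFFFF3C8, 3, -1)                         = 1
215:    accept(5, 0xEFFFF4A0, 0xEFFFF49C, 1)            = 7
215:    fork()                                          = 4821
4821:   execve("/usr/sbin/in.telnetd", 0xEFFFFD14, 0xEFFFFD1C)  argc = 1
4821:   read(0, 0xEFFFE8F0, 1024)                       = 64
4821:       Incurred fault #6, FLTBOUNDS  %pc = 0xEF7A1B2C
4821:       Received signal #11, SIGSEGV [default]
4821:           *** process killed ***
215:        Received signal #18, SIGCLD [caught]
215:    poll(0xEFFFF3C8, 3, -1)                         = 1
EOF
}

# Demo on the constructed trace; on a real host: filter_truss /var/tmp/inetd.truss
sample_trace | filter_truss
```
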
