[hackcheck] net-tools failed checksum test

Discussion in 'General Discussion' started by niatech, Sep 13, 2006.

    Hello all,

    Last night I had an issue with a server where the switch port became flooded (leaving the server) (I have a 10Mbps switch and it was up to 1250 K/s). Anyhow, I logged into the server and the only thing I could do was restart it (since I could not find anything relevant in the logs).

    rkhunter and chkrootkit came up with nothing, then, this morning I get this message:

    [hackcheck] net-tools failed checksum test

    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package net-tools did not match the expected checksum. This could mean that
    your system was compromised (OwN3D). The offending files have been removed
    and replaced with the OS default. To be safe you should verify that your
    system has not be compromised.

    Modified Files:
    S.?..... /bin/hostname
    S.?..... /bin/netstat
    S.?..... /sbin/arp
    S.?..... /sbin/ether-wake
    S.?..... /sbin/ifconfig
    S.?..... /sbin/ipmaddr
    S.?..... /sbin/iptunnel
    S.?..... /sbin/mii-tool
    S.?..... /sbin/nameif
    S.?..... /sbin/netplugd
    S.?..... /sbin/plipconfig
    S.?..... /sbin/route
    S.?..... /sbin/slattach


    And from upcp I get

    prelink: Could not write temporary for /bin/hostname: cannot write data to file
    prelink: Could not write temporary for /bin/netstat: cannot write data to file
    prelink: Could not write temporary for /sbin/arp: cannot write data to file
    prelink: Could not write temporary for /sbin/ifconfig: cannot write data to file
    prelink: Could not write temporary for /sbin/ipmaddr: cannot write data to file
    prelink: Could not write temporary for /sbin/iptunnel: cannot write data to file
    prelink: Could not write temporary for /sbin/mii-tool: cannot write data to file
    prelink: Could not write temporary for /sbin/nameif: cannot write data to file
    prelink: Could not write temporary for /sbin/netplugd: cannot write data to file
    prelink: Could not write temporary for /sbin/plipconfig: cannot write data to file
    prelink: Could not write temporary for /sbin/route: cannot write data to file
    prelink: Could not write temporary for /sbin/slattach: cannot write data to file
    net-tools fails checksum !!!

    ^^ but this could be due to the backup mountpoint not being mounted after reboot and / got filled up to 100%


    Then, in /var/log/messages I have these (right around the time everything blew up):

    Sep 12 20:05:02 XXXX kernel: printk: 6 messages suppressed.
    Sep 12 20:05:02 XXXX kernel: ip_conntrack: table full, dropping packet.
    Sep 12 20:05:08 XXXX kernel: printk: 3 messages suppressed.
    Sep 12 20:05:08 XXXX kernel: ip_conntrack: table full, dropping packet.
    Sep 12 20:05:12 XXXX kernel: printk: 4 messages suppressed.

    And a bunch of lines like this:

    Sep 12 21:10:47 XXXX stunnel: LOG5[10724:3085990832]: cpanelhttps connected from 209.67.114.35:40140
    Sep 12 21:10:47 XXXX stunnel: LOG5[10724:3085990832]: Connection closed: 4747 bytes sent to SSL, 83 bytes sent to socket

    ^^ all from the same IP, 2 per second


    Has anyone experienced something like this before?

    Thanks!
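
The `S.?.....` strings in the hackcheck e-mail above are `rpm -V` attribute columns: `S` means the size differs, and `?` in the third (digest) column means that test could not be performed. The following is an added example, not part of the original post or of cPanel's hackcheck code, that decodes such lines and separates a confirmed content change from one that could not be checked; the last two sample lines and the verdict names are constructed for illustration.

```python
import re

# Columns of an `rpm -V` attribute string, in order (8-column form, as in the post).
FLAGS = "SM5DLUGT"
TESTS = ["size", "mode", "digest", "device", "symlink", "owner", "group", "mtime"]

# Constructed sample: two lines from the post, two invented lines for contrast.
SAMPLE = """\
S.?..... /bin/netstat
S.?..... /sbin/ifconfig
S.5....T /usr/bin/example-changed
.......T c /etc/example.conf
"""

LINE = re.compile(
    r"^(?P<attrs>[A-Za-z0-9.?]{8,9})\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$"
)

def parse_line(line):
    """Return (path, failed, untested) for one `rpm -V` line, or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    failed, untested = [], []
    for flag, name, ch in zip(FLAGS, TESTS, m["attrs"]):
        if ch == "?":          # test could not be performed
            untested.append(name)
        elif ch == flag:       # test ran and the attribute differs
            failed.append(name)
    return m["path"], failed, untested

def triage(text):
    """Map each path to a verdict (verdict names are this example's own)."""
    verdicts = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, failed, untested = parsed
        if "digest" in failed:
            verdicts[path] = "content-changed"   # contents differ from the RPM database
        elif "digest" in untested:
            verdicts[path] = "unverified"        # neither cleared nor confirmed modified
        elif failed:
            verdicts[path] = "metadata-only"
        else:
            verdicts[path] = "ok"
    return verdicts

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:16} {path}")
```

A file marked `unverified` needs its digest compared against a known-good copy of the package before it can be treated as clean.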
     