Secure OS Software for Linux

Suspected trace..!!

jackfiled
Advisor


Systems are odd.
Some commands issued segmentation faults.

I suspect some intruder was logging in to this system.

How about yours?

Below is the dmesg from this system:

ynth, node (MAJOR 10, MINOR 25)
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
apm: BIOS not found.
Starting kswapd
allocated 64 pages and 64 bhs reserved for the highmem bounces
VFS: Diskquotas version dquot_6.5.0 initialized
pty: 2048 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with MANY_PORTS MULTIPORT SHARE_IRQ SERIAL_PCI ISAPNP enabled
ttyS0 at 0x03f8 (irq = 4) is a 16550A
Real Time Clock Driver v1.10e
oprofile: APIC was already enabled
oprofile 0.2 loaded, major 254
block: 1024 slots per queue, batch=256
Uniform Multi-Platform E-IDE driver Revision: 6.31
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
SvrWks OSB4: IDE controller on PCI bus 00 dev 79
SvrWks OSB4: chipset revision 0
SvrWks OSB4: not 100% native mode: will probe irqs later
ide0: BM-DMA at 0x2800-0x2807, BIOS settings: hda:pio, hdb:pio
ide1: BM-DMA at 0x2808-0x280f, BIOS settings: hdc:pio, hdd:pio
hdc: CRN-8245B, ATAPI CD/DVD-ROM drive
ide1 at 0x170-0x177,0x376 on irq 15
ide-floppy driver 0.99.newide
Floppy drive(s): fd0 is 1.44M
FDC 0 is a National Semiconductor PC87306
NET4: Frame Diverter 0.46
RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
ide-floppy driver 0.99.newide
md: md driver 0.90.0 MAX_MD_DEVS=256, MD_SB_DISKS=27
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
pci_hotplug: PCI Hot Plug PCI Core version: 0.4
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP, IGMP
IP: routing cache hash table of 16384 buckets, 128Kbytes
TCP: Hash tables configured (established 262144 bind 65536)
Linux IP multicast router 0.06 plus PIM-SM
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 204k freed
VFS: Mounted root (ext2 filesystem).
SCSI subsystem driver Revision: 1.00
kmod: failed to exec /sbin/modprobe -s -k scsi_hostadapter, errno = 2
Compaq SMART2 Driver (v 2.4.22)
cpqarray: Device 0x10 has been found at bus 0 dev 1 func 0
cpqarray: Finding drives on ida0 (Integrated Array)
cpqarray ida/c0d0: blksz=512 nr_blks=71122560
cpqarray: Starting firmware's background processing
blk: queue c042d180, I/O limit 4095Mb (mask 0xffffffff)
Partition check:
ida/c0d0: p1 p2 p3 p4 < p5 p6 p7 >
Journalled Block Device driver loaded
kjournald starting. Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
Freeing unused kernel memory: 240k freed
EXT3 FS 2.4-0.9.18, 14 May 2002 on ida0(72,6), internal journal
Adding Swap: 2048136k swap-space (priority -1)
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.18, 14 May 2002 on ida0(72,1), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.18, 14 May 2002 on ida0(72,2), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.18, 14 May 2002 on ida0(72,3), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.18, 14 May 2002 on ida0(72,7), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
ip_tables: (C) 2000-2002 Netfilter core team
eepro100.c:v1.09j-t 9/29/99 Donald Becker http://www.scyld.com/network/eepro100.html
eepro100.c: $Revision: 1.36 $ 2000/11/17 Modified by Andrey V. Savochkin and others
divert: allocating divert_blk for eth0
eth0: OEM i82557/i82558 10/100 Ethernet, 00:08:02:46:85:DC, IRQ 5.
Receiver lock-up bug exists -- enabling work-around.
Board assembly 727095-002, Physical connectors present: RJ45
Primary interface chip i82555 PHY #1.
General self-test: passed.
Serial sub-system self-test: passed.
Internal registers self-test: passed.
ROM checksum self-test: passed (0x04f4518b).
Receiver lock-up workaround activated.
divert: allocating divert_blk for eth1
eth1: OEM i82557/i82558 10/100 Ethernet, 00:08:02:46:86:84, IRQ 7.
Receiver lock-up bug exists -- enabling work-around.
Board assembly 727095-002, Physical connectors present: RJ45
Primary interface chip i82555 PHY #1.
General self-test: passed.
Serial sub-system self-test: passed.
Internal registers self-test: passed.
ROM checksum self-test: passed (0x04f4518b).
Receiver lock-up workaround activated.
mtrr: Serverworks LE detected. Write-combining disabled.
mtrr: your processor doesn't support write-combining
mtrr: Serverworks LE detected. Write-combining disabled.
mtrr: your processor doesn't support write-combining
mice: PS/2 mouse device common for all mice
ide-floppy driver 0.99.newide
hdc: ATAPI 24X CD-ROM drive, 128kB Cache
Uniform CD-ROM driver Revision: 3.12
cdrom: This disc doesn't have any tracks I recognize!
sending pkt_too_big (len[1480] pmtu[1456]) to self
nfs: server spb not responding, still trying
nfs: server spb OK
sending pkt_too_big (len[1480] pmtu[1456]) to self
sending pkt_too_big (len[1500] pmtu[1456]) to self
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
tcpdump uses obsolete (PF_INET,SOCK_PACKET)
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
TCP: Treason uncloaked! Peer 218.145.233.80:39562/80 shrinks window 413456871:413466631. Repaired.
TCP: Treason uncloaked! Peer 218.50.128.210:43159/80 shrinks window 36058109:36065061. Repaired.
sending pkt_too_big (len[1454] pmtu[1442]) to self
sending pkt_too_big (len[1500] pmtu[1442]) to self
sending pkt_too_big (len[1500] pmtu[1442]) to self
sending pkt_too_big (len[1492] pmtu[1442]) to self
sending pkt_too_big (len[1500] pmtu[1456]) to self
sending pkt_too_big (len[1480] pmtu[1456]) to self
request_module[net-pf-14]: waitpid(23339,...) failed, errno 1
Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 0
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: e8e32000 ecx: 00000034 edx: 00000018
esi: bfffde28 edi: c032fa60 ebp: bfffde48 esp: e8e33fc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 23406, stackpage=e8e33000)
Stack: c0109437 0000324f 00000034 00000020 bfffde28 c032fa60 bfffde48 0000003b
0000002b 0000002b 0000003b 0804881f 00000023 00000282 bfffddf8 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xe8e33fc0))


Code: Bad EIP value.
<1>Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 0
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: e0ba6000 ecx: bfffbe44 edx: 00000018
esi: 00000000 edi: 0804a241 ebp: bfffbe34 esp: e0ba7fc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 23447, stackpage=e0ba7000)
Stack: c0109437 bfffbe44 bfffbe44 0000000d 00000000 0804a241 bfffbe34 0000003b
0000002b 0000002b 0000003b 080480bb 00000023 00000286 bfffbe30 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xe0ba7fc0))


Code: Bad EIP value.
<1>Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 0
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: dad4a000 ecx: bfffbe44 edx: 00000018
esi: 00000000 edi: 0804a241 ebp: bfffbe34 esp: dad4bfc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 23467, stackpage=dad4b000)
Stack: c0109437 bfffbe44 bfffbe44 0000000d 00000000 0804a241 bfffbe34 0000003b
0000002b 0000002b 0000003b 080480bb 00000023 00000286 bfffbe30 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xdad4bfc0))


Code: Bad EIP value.
<1>Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 0
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: d1262000 ecx: bfffbe44 edx: 00000018
esi: 00000000 edi: 0804a241 ebp: bfffbe34 esp: d1263fc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 23474, stackpage=d1263000)
Stack: c0109437 bfffbe44 bfffbe44 0000000d 00000000 0804a241 bfffbe34 0000003b
0000002b 0000002b 0000003b 080480bb 00000023 00000286 bfffbe30 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xd1263fc0))


Code: Bad EIP value.
<1>Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 0
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: dad4a000 ecx: bfffbe44 edx: 00000018
esi: 00000000 edi: 0804a241 ebp: bfffbe34 esp: dad4bfc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 23482, stackpage=dad4b000)
Stack: c0109437 bfffbe44 bfffbe44 0000000d 00000000 0804a241 bfffbe34 0000003b
0000002b 0000002b 0000003b 080480bb 00000023 00000286 bfffbe30 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xdad4bfc0))


Code: Bad EIP value.
<1>Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 1
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: f683a000 ecx: bfffbe44 edx: 00000018
esi: 00000000 edi: 0804a241 ebp: bfffbe34 esp: f683bfc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 23488, stackpage=f683b000)
Stack: c0109437 bfffbe44 bfffbe44 0000000d 00000000 0804a241 bfffbe34 0000003b
0000002b 0000002b 0000003b 080480bb 00000023 00000286 bfffbe30 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xf683bfc0))


Code: Bad EIP value.
<1>Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 1
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: c5a4e000 ecx: bfffbe44 edx: 00000018
esi: 00000000 edi: 0804a241 ebp: bfffbe34 esp: c5a4ffc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 23569, stackpage=c5a4f000)
Stack: c0109437 bfffbe44 bfffbe44 0000000d 00000000 0804a241 bfffbe34 0000003b
0000002b 0000002b 0000003b 080480bb 00000023 00000286 bfffbe30 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xc5a4ffc0))


Code: Bad EIP value.
<1>Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 1
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: e8e32000 ecx: bfffbe44 edx: 00000018
esi: 00000000 edi: 0804a241 ebp: bfffbe34 esp: e8e33fc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 23576, stackpage=e8e33000)
Stack: c0109437 bfffbe44 bfffbe44 0000000d 00000000 0804a241 bfffbe34 0000003b
0000002b 0000002b 0000003b 080480bb 00000023 00000286 bfffbe30 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xe8e33fc0))


Code: Bad EIP value.
<1>Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 0
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: ef788000 ecx: bfffbe44 edx: 00000018
esi: 00000000 edi: 0804a241 ebp: bfffbe34 esp: ef789fc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 23583, stackpage=ef789000)
Stack: c0109437 bfffbe44 bfffbe44 0000000d 00000000 0804a241 bfffbe34 0000003b
0000002b 0000002b 0000003b 080480bb 00000023 00000286 bfffbe30 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xef789fc0))


Code: Bad EIP value.
<6>device eth0 entered promiscuous mode
Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 1
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: cdd2e000 ecx: bfffbaf4 edx: 00000018
esi: 00000000 edi: 0804a241 ebp: bfffbae4 esp: cdd2ffc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 8497, stackpage=cdd2f000)
Stack: c0109437 bfffbaf4 bfffbaf4 0000000d 00000000 0804a241 bfffbae4 0000003b
0000002b 0000002b 0000003b 080480bb 00000023 00000282 bfffbae0 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xcdd2ffc0))


Code: Bad EIP value.
<1>Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 1
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: cdde8000 ecx: bfffbaf4 edx: 00000018
esi: 00000000 edi: 0804a241 ebp: bfffbae4 esp: cdde9fc0
ds: 0018 es: 0018 ss: 0018
Process zk (pid: 8503, stackpage=cdde9000)
Stack: c0109437 bfffbaf4 bfffbaf4 0000000d 00000000 0804a241 bfffbae4 0000003b
0000002b 0000002b 0000003b 080480bb 00000023 00000282 bfffbae0 0000002b
Call Trace: [] system_call [kernel] 0x33 (0xcdde9fc0))


Code: Bad EIP value.
<1>Unable to handle kernel paging request at virtual address 1874b3db
printing eip:
1874b3db
*pde = 00000000
Oops: 0000
ide-cd cdrom soundcore mousedev input autofs nfs lockd sunrpc eepro100 iptable
CPU: 1
EIP: 0010:[<1874b3db>] Not tainted
EFLAGS: 00010283

EIP is at Using_Versions [] 0x1874b3da (2.4.18-14smp)
eax: 0000003b ebx: d6 ...
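
An added triage example, not part of the original post: it groups 2.4-style oops records like those in the dmesg above by process name and faulting EIP, counts oopses where the EIP equals the faulting address, and lists interfaces that entered promiscuous mode more often than they left it. The names `triage` and `summarize` are assumptions of this example; the sample lines are excerpted from the post's own dmesg.

```python
import re
from collections import Counter

# Lines excerpted from the dmesg in the post (2.4-kernel oops format).
SAMPLE = """\
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
<1>Unable to handle kernel paging request at virtual address 1874b3db
EIP: 0010:[<1874b3db>] Not tainted
Process zk (pid: 23406, stackpage=e8e33000)
<1>Unable to handle kernel paging request at virtual address 1874b3db
EIP: 0010:[<1874b3db>] Not tainted
Process zk (pid: 23447, stackpage=e0ba7000)
<6>device eth0 entered promiscuous mode
"""

LEVEL = re.compile(r"^<\d>")  # printk level prefix such as <1> or <6>
FAULT = re.compile(r"Unable to handle kernel .+ at virtual address ([0-9a-f]+)")
EIP = re.compile(r"EIP:\s+[0-9a-f]{4}:\[<([0-9a-f]+)>\]\s+(.*)")
PROC = re.compile(r"Process (\S+) \(pid: (\d+)")
PROMISC = re.compile(r"device (\S+) (entered|left) promiscuous mode")

def triage(text):
    """Return (list of oops records, Counter of (device, state) transitions)."""
    oopses, promisc, cur = [], Counter(), None
    for raw in text.splitlines():
        line = LEVEL.sub("", raw.strip())
        if m := FAULT.search(line):            # a new oops record starts here
            cur = {"fault_addr": m.group(1)}
            oopses.append(cur)
        elif cur is not None and (m := EIP.search(line)):
            cur["eip"], cur["taint"] = m.group(1), m.group(2)
        elif cur is not None and (m := PROC.search(line)):
            cur["process"], cur["pid"] = m.group(1), int(m.group(2))
            cur = None                         # last field we collect per oops
        elif m := PROMISC.search(line):
            promisc[(m.group(1), m.group(2))] += 1
    return oopses, promisc

def summarize(oopses, promisc):
    repeats = Counter((o.get("process"), o.get("eip")) for o in oopses)
    devs = {dev for dev, _ in promisc}
    return {
        "repeat_oops": {k: n for k, n in repeats.items() if n > 1},
        "bad_eip": sum(o.get("eip") == o["fault_addr"] for o in oopses),
        "promisc_now": sorted(d for d in devs
                              if promisc[(d, "entered")] > promisc[(d, "left")]),
    }

if __name__ == "__main__":
    print(summarize(*triage(SAMPLE)))
```

Because dmesg is a ring buffer, earlier transitions may already have been overwritten, so `promisc_now` is a lead to confirm against the live interface state rather than a verdict.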