Subject: Interesting discovery.
To: None <current-users@NetBSD.org>
From: Herb Peyerl <email@example.com>
Date: 08/23/2004 14:23:56

I just had a really bad morning/day trying to figure out why a
firewall/router which had been up for 8+ months had suddenly decided to
be unreliable. After having remote hands swap hardware and so forth,
it was isolated to the OS which was 1.6.1... As soon as the thing hit
multi-user, it would hang within a minute. Nothing on the console
except some 'tlp' underruns...

Eventually I managed to get a 2.0 beta kernel onto it and then it would
actually stay up... Strangely, this only started happening last night;
with months of being a perfectly happy little computer.

Shortly after the 2.0 kernel went on, and I untarred the rest of
userland, is when I discovered the problem. Quite a number of hosts on
the network were fishing through the address space on port 445 looking
for, presumably, Windows fileservers. Clearly a virus of some sort.
After ipf'ing those hosts out of the way, everything is calm again. We
were hitting some 30,000 ipnat MAPs and 2.0 was perfectly content to
deal with them whereas 1.6.1 was decidedly less happy with the