Subject: Interesting discovery.
To: None <>
From: Herb Peyerl <>
List: current-users
Date: 08/23/2004 14:23:56
I just had a really bad morning/day trying to figure out why a 
firewall/router which had been up for 8+ months had suddenly decided to 
be unreliable.  After having remote hands swap hardware and so forth, 
it was isolated to the OS which was 1.6.1... As soon as the thing hit 
multi-user, it would hang within a minute. nothing on the console 
except some 'tlp' underruns...

Eventually I managed to get a 2.0 beta kernel onto it and then it would 
actually stay up... Strangely, this only started happening last night; 
with months of being a perfectly happy little computer.

Shortly after the 2.0 kernel went on, and I untarred the rest of 
userland, is when I discovered the problem.  Quite a number of hosts on 
the network were fishing through the address space on port 445 looking 
for, presumably, windows fileservers.  Clearly a virus of some sort.  
After ipf'ing those hosts out of the way, everything is calm again.  We 
were hitting some 30,000 ipnat MAP's and 2.0 was perfectly content to 
deal with them whereas 1.6.1 was decidedly less happy with the