Subject: RE: How to interpret the results of a portscan?
To: Jan Schenkel <port-mac68k@netbsd.org>
From: Michael G. Schabert <mikeride@mac.com>
List: port-mac68k
Date: 11/10/2002 10:16:56
At 11:45 AM +0100 11/10/02, Jan Schenkel wrote:
>Hi all,
>
>First of all, I would like to thank you all (Randy, Brendan, Izaac, Ron,
>Bruce and Bill) very much for your replies; they've proven very helpful in
>understanding how these things operate.
>Apparently the portscan on unixcircle wasn't a portscan of my own server,
>but of some computer on my ISP's network (no idea why that happened), and my
>own box was locked down as it should -- as far as I can tell from reading
>the documents and probing settings here and there.
>The only oddities now are 'buffer overflow' errors which seem to not hamper
>anything but sometimes show up on the screen,

That is probably just your network card running out of buffer memory 
during high network activity. The beginning of the message should 
show *what* is giving the error. If it is mc0, de0, or sn0, then it's 
just the NIC.

>  and a hard disk that sounds
>like it is getting accessed even though the machine isn't doing anything (in
>the sense that the other computers are off).

There could be a few reasons for this. If it's the middle of the 
night, then it is the computer running its daily scripts (read 
/var/cron/tabs/root, /etc/daily, and /etc/weekly to see how/what is 
being done). If it is during the day, then it may just be that your 
machine doesn't have enough physical RAM to hold everything, so that 
things are being swapped out. If you have programs that are paged 
out, then even if they're not doing anything, they still must 
periodically be read back from the hard drive long enough for them to 
tell the kernel that they don't need to do anything. Do a "ps -aux" 
to get an idea of how many processes are running even when your 
machine "isn't doing anything".

HTH
Mike
-- 
Bikers don't *DO* taglines.
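As an added example that is not part of the original thread: the paging explanation above suggests looking at "ps -aux" for processes that are resident but paged out. On BSD-style ps (NetBSD included) a "W" in the STAT column marks a process that is swapped out and the RSS column is resident memory in KB, so a small awk filter over that listing shows which idle daemons will have to be read back from disk. The listing embedded below is constructed for illustration, the function names are my own, and on a real machine you would feed it the output of `ps -aux` instead.

```shell
#!/bin/sh
# Added example (not code from the original mailing-list post).
# Summarise a BSD "ps -aux" listing: which processes are swapped out
# (STAT contains 'W') and how much memory is resident in total (RSS, KB).
# SAMPLE_PS is a constructed listing; on the real box use: ps -aux

SAMPLE_PS='USER       PID %CPU %MEM   VSZ  RSS TT  STAT STARTED    TIME COMMAND
root         0  0.0  0.0     0    0 ?   DLs   2:10AM 0:00.22 (swapper)
root         1  0.0  0.1   164   96 ?   IWs   2:10AM 0:00.05 init
root        57  0.0  0.3   224  180 ?   Ss    2:10AM 0:00.31 syslogd
root        82  0.0  0.1   196   72 ?   IWs   2:10AM 0:00.02 cron
root        91  0.0  1.1   420  700 ?   Ss    2:10AM 0:03.10 sshd
jan        103  0.0  0.8   612  504 p0  Is    3:01AM 0:00.40 -sh
jan        110  0.0  0.6   380  360 p0  R+    3:05AM 0:00.01 ps -aux'

# Print "PID COMMAND" for every process whose STAT column ($8) contains W,
# i.e. a process that is swapped out and must be paged back in to run.
# The command may contain spaces, so fields 11..NF are joined back together.
swapped_out() {
    printf '%s\n' "$1" | awk 'NR > 1 && $8 ~ /W/ {
        cmd = $11
        for (i = 12; i <= NF; i++) cmd = cmd " " $i
        print $2, cmd
    }'
}

# Number of swapped-out processes in the listing.
swapped_count() {
    swapped_out "$1" | wc -l | tr -d ' '
}

# Sum of the RSS column ($6, KB) over all listed processes: a rough view of
# how much of physical RAM the current process set is actually holding.
total_rss_kb() {
    printf '%s\n' "$1" | awk 'NR > 1 { s += $6 } END { print s + 0 }'
}

# Stand-alone run over the constructed sample.
echo "swapped-out processes:"
swapped_out "$SAMPLE_PS"
echo "count: $(swapped_count "$SAMPLE_PS")"
echo "total resident KB: $(total_rss_kb "$SAMPLE_PS")"
```

If the listing shows many "W" entries during the day while the machine is idle, that supports the low-RAM explanation in the reply; if it shows none and the activity happens overnight, the cron entries and /etc/daily or /etc/weekly are the first place to look.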