port-mac68k: RE: How to interpret the results of a portscan?

Subject: RE: How to interpret the results of a portscan?
To: Michael G. Schabert <port-mac68k@netbsd.org>
From: Jan Schenkel <jan.schenkel@pandora.be>
List: port-mac68k
Date: 11/11/2002 21:21:44

Hi Michael,

Thanks for all the information. Up until I installed NetBSD my un*x
knowledge had been pretty much limited to being a simple user of a Solaris
server in college, and a Linux box someone else had setup for me so I could
practice writing shell scripts, and that was 8 years ago.
My field of expertise is in business applications and databases -- I'm
trying to learn more when I find the time (and that's unfortunately a rare
event), but in the meantime I'm very glad you guys are here to answer my
newbie questions.

Best regards,

Jan Schenkel.

-----Original Message-----
From: Michael G. Schabert [mailto:mikeride@mac.com]
Sent: zondag 10 november 2002 16:17
To: Jan Schenkel; port-mac68k@netbsd.org
Subject: RE: How to interpret the results of a portscan?

At 11:45 AM +0100 11/10/02, Jan Schenkel wrote:
>[snip]
>The only oddities now are 'buffer overflow' errors which seem to not hamper
>anything but sometimes show up on the screen,

That is probably just your network card running out of buffer memory
during high network activity. The beginning of the message should
show *what* is giving the error. If it is mc0, de0, or sn0, then it's
just the NIC.

>  and a hard disk that sounds
>like it is getting accessed even though the machine isn't doing anything
(in
>the sense that the other computers are off).

There could be a few reasons for this. If it's the middle of the
night, then it is the computer running its daily scripts (read
/var/cron/tabs/root, /etc/daily, and /etc/weekly to see how/what is
being done). If it is during the day, then it may just be that your
machine doesn't have enough physical RAM to hold everything, so that
things are being swapped out. If you have programs that are paged
out, then even if they're not doing anything, they still must
periodically be read back from the hard drive long enough for them to
tell the kernel that they don't need to do anything. Do a "ps -aux"
to get an idea of how many processes are running even when your
machine "isn't doing anything".

HTH
Mike
--
Bikers don't *DO* taglines.