MikeL's FreeBSD crashing HowTo


This is not a full-on tutorial on fixing a FreeBSD crash, just a quick note on what I just went through.

My old (version 7.1) FreeBSD system suddenly started crashing at random. It is a Dell 2450 with RAID 5 config. One of the disks has been flashing yellow for some unknown time. This machine is remote from me, and on a very high-speed, non-metered link.

When I visited the machine to figure out what happened, a simple reset fixed it; however, the disk would still flash yellow. I assumed the problem was related to the disk, so I bought a new one. See my Notes on Disks for more info on that process.

Meanwhile, I also have a fixed IP block with CenturyLink and I got an email from centurlyinkservices.net -- this is a legit email. It gave a cryptic log entry naming the two FreeBSD IPs (I have secondary servers at home too), and not mentioning the other 3 IPs. It mentioned 'Drone Report', 'bots' and port 123.

I called them up and asked for some useful information, but was unable to get anything meaningful out of a string of tech support people. They gave me the incorrect assumption that it was some sort of key logger. They suggested supposedly one-shot virus checkers from AVG and others; these either did not download, or turned out to be ongoing full-on virus checkers that I did not want. Regardless, AVG did not find anything on any of my internal Windows systems.

About the same time my DSL suddenly began to bog down horribly. 'tracert' to the outside world would show milliseconds in-house; every step from the DSL outwards would be at 2.5 seconds+. The tech support people did say my system was quarantined or some such. I'm guessing they had blocked my ntp port, and once I was talking to them about it, they released it.

Turns out this was simply an ntpd DDoS attack. Google "FreeBSD-SA-14:02.ntpd". I fixed it by simply:

