We are having problems with our Netware 6sp4 Server abending (suddenly). The
server has been up and running for months without changes but seems to abend
randomly. After further inspection, the abend.log pointed to a Backup Exec
file; the server has been running well when BE is unloaded.

The violation occurred while processing the following instruction:
0025C26B 8B5704         MOV     EDX,[EDI+04]
0025C26E 895010         MOV     [EAX+10],EDX
0025C271 8B5014         MOV     EDX,[EAX+14]
0025C274 42             INC     EDX
0025C275 8B4810         MOV     ECX,[EAX+10]
0025C278 895014         MOV     [EAX+14],EDX
0025C27B 85C9           TEST    ECX,ECX
0025C27D 750C           JNZ     0025C28B
0025C27F 8B4004         MOV     EAX,[EAX+04]
0025C282 8903           MOV     [EBX],EAX

Running process: NRLTLI.NLM     11 Process
Thread Owned by NLM: NRLTLI.NLM
Stack pointer: 8B695028
OS Stack limit: 8B691240
CPU 0 (Thread 8AB27100) is in a NO SLEEP state
Scheduling priority: 67371008
Wait state: 5050190  Blocked on a kernel CV

After posting to Veritas and Novell we came up with ...

Sounds like you're being hit with a new exploit that's floating around
for this BackupExec vulnerability:

http://www.idefense.com/application/poi/display?id=169&type=vulnerabilities
http://isc.sans.org/diary.php?date=2005-01-10

Try blocking port 6101, or unload BackupExec.
 -David

We are working on blocking ports but if there are any more suggestions they
would be appreciated.

Scott Foreman



Scott Foreman
System Development
Controller's Office
Michigan State University
146 Admin Bldg
East Lansing, MI  48824

PH: 517-353-4443
FAX: 517-353-9640