Darwin or sshd crash? Can't login!

[zpincus]

I have run into a difficult situation here.

I am at home, many hundereds of miles away from my OS X box, which I have been administering remotely via ssh for the past few weeks.
I rebooted it a few times, to see if everything would work, and it did. The last time I checked uptime (yesterday) it was at about five days. So my machine should be just sitting there, displaying the login window...

Anyhow, today the machine no longer responds to ssh, scp, or ftp, all of which were functional as of yesterday.
This morning, I tried to log in to my machine over ssh, and got as far as entering my username and password. When I hit return after typing the password, I got no further response. Now, ssh doesn't even get that far, and just clams up while "making a connection." I've tried NiftyTelnetSSH from home, as well as ssh from a solaris machine on campus.

My machine still responds to pings as fast as ever. The only abnormal things I did yesterday were "defaults write com.apple.dock orientation Right" to surprise myself when I got back, and running kmodstat a few times as root, to get a feel for how it works. (Just "sudo kmodstat"... I didn't even do a full su!)

Any ideas? Can kmodstat fark things up? I have heard tell of a memory leak in the TCP stack thingie -- does any one else know about this? Could that cause tcp daemons to freeze while leaving the machine responsive to pings? How might I fix this remotely (if at all?)

Also, I want to run a portscan, to see what remains open (and to see if anyone has perhaps hacked my box and opened other ports?) What's a good web portscanner? Are there other ways to find out if I've been infiltrated?

Any help at all would be much appreciated.

Zach

[AdmiralAK]

Interesting stuff...
ermmm.... is anyone else near the machine ?
......who uses the machine except you ???


and lastly....why ?! except for the obvious answer that u want access to your files lol :-p)


Admiral

[zpincus]

My OS X machine is in a locked dorm room. Only I have passwords, and telnet (though not ftp) is disabled.
Why do I remotely log in to it from home?

1) To retrieve project files (via scp) to work on at home.
2) To play with darwin. About 50% of my OS X exploration time takes place in the terminal, so remotely logging in still affords plenty of opportunities to learn...
3) I have a fast internet connection at school. I surf remotely on lynx on my OS X box, because it is faster than IE here at home. Ouch.

Anyhow, patpro offered these thoughtful suggestions on the macnn board, and I'll relay them, because they were so darn useful. Everyone should especially check out nissus, and audit their OS X security.

Quote:

about portscan, you should try AGNet Tools from your MacOS 9 : demo downloadable from http://www.wildpackets.com/ (oups they changed names....)

about ssh...hum, it sounds like you'll have to use a special remote device called "john Doe" to reboot your X box. To prevent (at least to try to) further problem try to set up a crontab that would attempt a connection of some kind (mail, ftp...) from your X box to another remote host to check TCP availability and would reboot the box after 2 or 3 connection error.

about security issues, if you have just ONE doubt, format and reinstall. Salvation is in virginity ;-), and try using Unix diagnostic tools from the X machine. Some of them check your environment for changes and mail you when non-temp files are changed
...
check http://www.nessus.org/ for example, you'll have to compile it without GUI support, but it should work as it as been designed with BSD in mind.

This guy's full of good ideas! Hey, anyone know how to set up a script that will reboot the machine if there are two or three TCP failures? I might be able to write a C program, but I'm not sure
1) How to do it in a simple script
or 2) How to interface C programs with shell commands.
Any thoughts?

Zach