I installed ASL yesterday after a successful hack on my server - I've gone through all the steps to get it installed and now have 1 moderate and 1 low vulnerability.
Everything was operating fine until a few minutes ago when the server completely stopped responding.
I could not log in via SSH, view websites, use emails or even ping.
I used my remote console to reset the power and reboot.
After inspecting /var/log/messages, I can see that the server was doing things while it was unresponsive:
Nov 24 18:27:43 xxx xinetd: EXIT: ftp status=0 pid=16002 duration=52(sec)
Nov 24 18:28:59 xxx clamd: stream(127.0.0.1@1027): ASL.MalwareBlacklist.rbcmail.ru.UNOFFICIAL FOUND
Nov 24 18:29:08 xxx kernel: nf_conntrack: table full, dropping packet.
Nov 24 18:30:01 xxx psmon: Forking background daemon, process 16119.
Nov 24 18:30:01 xxx psmon: Forking second background daemon, process 16121.
Nov 24 18:31:00 xxx kernel: nf_conntrack: table full, dropping packet.
Nov 24 18:31:07 xxx postfix/smtpd: sql_sqlite3 plugin: no result found
Nov 24 18:32:13 xxx kernel: nf_conntrack: table full, dropping packet.
Nov 24 18:33:21 xxx syslogd 1.4.1: restart.
I'm assuming here that clamd found a virus in an email - nothing unusual about that (or am I wrong?).
What concerns me is this new log entry that I've never seen before:
kernel: nf_conntrack: table full, dropping packet.
Can anyone advise on what it is doing?
P.S. The sql_sqlite log is one I've seen for months - I tried to get rid of it, but couldn't figure out how.
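The `nf_conntrack: table full, dropping packet` message means the kernel's connection-tracking table reached `nf_conntrack_max`, so packets that would need a new tracking entry were dropped. The script below is an added example, not from the post or from ASL: it counts and timestamps those drop messages in a syslog-format file and, where available, reads the live count/max counters from `/proc/sys/net/netfilter` (assumed path; older kernels used `/proc/sys/net/ipv4/netfilter/ip_conntrack_*`). The sample log lines inside it are constructed, modelled on the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): measure connection-tracking
# pressure from a syslog-format messages file and from the live kernel counters.
# Assumption: the counters live in /proc/sys/net/netfilter (older kernels
# used /proc/sys/net/ipv4/netfilter/ip_conntrack_*); the log path is an argument.

# Count kernel "nf_conntrack: table full" drop messages in a log file.
# grep -c exits 1 when nothing matches, so "|| :" keeps the printed 0.
count_conntrack_drops() {
    grep -c 'nf_conntrack: table full, dropping packet' "$1" || :
}

# Print the syslog timestamp (month day HH:MM:SS) of every drop message so
# the events can be lined up against the outage window.
conntrack_drop_times() {
    awk '/nf_conntrack: table full/ { print $1, $2, $3 }' "$1"
}

# Integer percentage of the table in use, given current count and maximum.
conntrack_utilisation() {
    [ "${2:-0}" -gt 0 ] || return 1
    echo $(( ${1:-0} * 100 / $2 ))
}

# Read the live counters; returns non-zero if conntrack is not loaded.
live_conntrack_utilisation() {
    dir=/proc/sys/net/netfilter
    [ -r "$dir/nf_conntrack_count" ] || return 1
    conntrack_utilisation "$(cat "$dir/nf_conntrack_count")" \
                          "$(cat "$dir/nf_conntrack_max")"
}

# Constructed sample lines, modelled on the post, used when no file is given.
SAMPLE='Nov 24 18:29:08 xxx kernel: nf_conntrack: table full, dropping packet.
Nov 24 18:30:01 xxx psmon: Forking background daemon, process 16119.
Nov 24 18:31:00 xxx kernel: nf_conntrack: table full, dropping packet.'

log=${1:-}
if [ -z "$log" ]; then
    log=$(mktemp) && printf '%s\n' "$SAMPLE" > "$log"
fi
echo "table-full drops in $log: $(count_conntrack_drops "$log")"
conntrack_drop_times "$log"
u=$(live_conntrack_utilisation) && echo "live conntrack table utilisation: ${u}%"
```

Run it as `sh conntrack_check.sh /var/log/messages` to scan the real log; a utilisation near 100% with drop messages clustered in the outage window points at the tracking table, not the services, as the reason nothing answered.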