[ previous ] [ next ] [ threads ]
 
 From:  "Jeroen Visser" <monowall at forty dash two dot nl>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Stray IRQ 7 all of a sudden.
 Date:  Fri, 12 May 2006 10:13:45 +0200 
Hi List,

For about a week now, the m0n0wall I use at work started to show problems.
Problems as in not accepting network traffic, not responding or functioning
otherwise. I was not able to check on the console (it's a standard PC
configuration), to see if the console responded. The only thing I see on my syslog
server is this.

May 11 14:16:04 172.16.0.100 /kernel: stray irq 7
May 11 14:24:45 172.16.0.100 /kernel: stray irq 7
May 11 14:26:44 last message repeated 2 times
May 11 15:56:58 172.16.0.100 /kernel: stray irq 7
May 11 15:56:58 172.16.0.100 /kernel: too many stray irq 7's; not logging any more

And then it stops. It stops completely. Checking the mailing list revealed a few
posts about this issue, with no solution. Googling for this, also gave me no
solution. The only thing I could find is that this is hardware related. 

So I replaced the m0n0wall with my allmost hostspare one :-) 

When the spare had booted, the message started repeating itself. Two of the same
hardware problems in two totally different systems? The only things that are the
same on both systems are that they both use Intel NICS and both boot from CF. The
motherboard is different, memory is different and so on and so on. IRQ 7 is
usually shared with IRQ 15 and 7 is used for parralel ports, but on both systems
the parralel port is disabled. PNP in bios is disabled.

Since I now have two systems that respond the same, I started to think that this
might be otherwise related, but I can be totally misguided in this one. The
company I work for handles the payout for insurance companies to people and
decides in a lot of cases wether or not people get paid. Often people do not get
paid and are pissed off. We had several false bomb reports, threats and other
stuff going on in the past here. 

Why this story? 
Well, can I rule our that someone is attacking us via the Internet and causing
this problem? The only thing the m0n0wall accepts are incoming IPSEC requests, and
some rules for some DMZ hosts. The DMZ hosts are all routed and not natted or
proxy-arped. I see no strange traffic being logged.

I am at a total loss here, but I will try a brand new firewall soon, with all new
hardware. 

Anyone have any idea what to do else ?

--
Jeroen Visser.