sysadmin necromancy

So... just had to resurrect a machine (internal intranet server) I decommissioned several years ago to retrieve some data.

Code:
FreeBSD carver.byrnecut.com.au 4.10-STABLE FreeBSD 4.10-STABLE #4: Fri Jun 18 14:47:29 WST 2004
root@carver.byrnecut.com.au:/usr/obj/usr/src/sys/CARVER  i386

Was converted to a VM back in 2008 and decommissioned shortly thereafter.

Anyone had to resurrect a box from more than 5 years ago? :)


I actually built this machine way back in 2002...
 
Nothing as old as that! wow.

I had a box once that got shot up because of Mantis. Before I took it offline, I asked the developer if he got everything he wanted off it and he said he was good to go.

About three years later he pinged me asking if I just happened to have the Apache logs. He lost his somehow .. Lucky for him since the hard drive was IDE I had just shelved it. Saved the day by spinning it up and got the data he was looking for.

:e
 
No resurrections, but I did Frankenstein several dead and broken machines to make one working again.
 
One time, like a year ago, I needed to resurrect a system which I hadn't run for ~12 years (my very first desktop with Win98 onboard). It was running for like ~7 years with several upgrades till 2001 (so it could not be counted as a real old-school machine). At first, it was my father's workbox with DEMOS (USSR Unix forked from BSD, dunno if you'll find any English sources on that); then it was converted to DOS; then to Win 95 (at this point I started using the box for some childish games in 96-97?), then to 98 (and somewhere at this point my dad bought himself a new desktop, giving this one away to me).
Same reasons: needed to get some data out of it (photos in particular). In terms of servers, well, never needed that.
 
An ISP I once worked for still had a mailbox server online somewhere a couple of weeks ago. That one ran 3.x. Not been exploited to the day it was last online.
 
I briefly brought up a mothballed 486 system running NetBSD 0.8 (from April 1993) in 2009 to recover some files. The power supply had died in its sleep, but everything else still worked.
 
Pff, amateurs. This relic is still running, 13 years later ;)

Code:
# uname -a
FreeBSD XXX 3.4-RELEASE FreeBSD 3.4-RELEASE #0: Tue Mar 14 10:52:08 GMT 2000     root@XXX:/usr/src/sys/compile/MAGICAL  i386
# uptime
 9:21PM  up 1103 days, 17:21, 1 user, load averages: 0.00, 0.00, 0.00

Code:
# dmesg
Copyright (c) 1992-1999 FreeBSD Inc.
Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California. All rights reserved.
FreeBSD 3.4-RELEASE #0: Tue Mar 14 10:52:08 GMT 2000
    root@XXX:/usr/src/sys/compile/MAGICAL
Timecounter "i8254"  frequency 1193182 Hz
CPU: Unknown 80686 (551.25-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x681  Stepping = 1
  Features=0x387f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,<b18>,MMX,FXSR,<b25>>
real memory  = 536870912 (524288K bytes)
config> di zp0
config> di ze0
config> di lnc0
config> di le0
config> di ie0
config> di fe0
config> di ex0
config> di ep0
config> di ed0
config> di cs0
config> di wt0
config> di scd0
config> di mcd0
config> di matcdc0
config> di bt0
config> di aic0
config> di aha0
config> di adv0
config> q
avail memory = 519090176 (506924K bytes)
Preloaded elf kernel "kernel" at 0xc0379000.
Preloaded userconfig_script "/boot/kernel.conf" at 0xc037909c.
Pentium Pro MTRR support enabled
Probing for devices on PCI bus 0:
chip0: <Intel 82443BX host to PCI bridge> rev 0x03 on pci0.0.0
chip1: <Intel 82443BX host to AGP bridge> rev 0x03 on pci0.1.0
chip2: <Intel 82371AB PCI to ISA bridge> rev 0x02 on pci0.7.0
ide_pci0: <Intel PIIX4 Bus-master IDE controller> rev 0x01 on pci0.7.1
chip3: <Intel 82371AB Power management controller> rev 0x02 on pci0.7.3
xl0: <3Com 3c905B-TX Fast Etherlink XL> rev 0x30 int a irq 10 on pci0.9.0
xl0: Ethernet address: 00:50:da:1a:44:c4
xl0: autoneg complete, link status good (full-duplex, 100Mbps)
ahc0: <Adaptec 2940 Pro Ultra SCSI adapter> rev 0x01 int a irq 12 on pci0.10.0
ahc0: aic7880 Wide Channel A, SCSI Id=7, 16/255 SCBs
Probing for devices on PCI bus 1:
vga0: <S3 model 8a13 graphics accelerator> rev 0x02 on pci1.0.0
Probing for PnP devices:
Probing for devices on the ISA bus:
sc0 on isa
sc0: VGA color <16 virtual consoles, flags=0x0>
atkbdc0 at 0x60-0x6f on motherboard
atkbd0 irq 1 on isa
psm0 not found
sio0 at 0x3f8-0x3ff irq 4 flags 0x10 on isa
sio0: type 16550A
sio1 at 0x2f8-0x2ff irq 3 on isa
sio1: type 16550A
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
wdc0 not found at 0x1f0
wdc1 at 0x170-0x177 irq 15 on isa
wdc1: unit 0 (atapi): <LTN382/WL2A>, removable, intr, dma, iordis
acd0: drive speed 6890KB/sec, 120KB cache
acd0: supported read types: CD-DA
acd0: Audio: play, 255 volume levels
acd0: Mechanism: ejectable tray
acd0: Medium: no/blank disc inside, unlocked
ppc0 at 0x378 irq 7 flags 0x40 on isa
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
lpt0: <generic printer> on ppbus 0
lpt0: Interrupt-driven port
ppi0: <generic parallel i/o> on ppbus 0
plip0: <PLIP network interface> on ppbus 0
vga0 at 0x3b0-0x3df maddr 0xa0000 msize 131072 on isa
npx0 on motherboard
npx0: INT 16 interface
IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default
BRIDGE 990810, have 6 interfaces
-- index 1  type 6 phy 0 addrl 6 addr 00.50.da.1a.44.c4
DUMMYNET initialized (990504)
IP Filter: initialized.  Default = pass all, Logging = enabled
Waiting 15 seconds for SCSI devices to settle
changing root device to da0s1a
da0 at ahc0 bus 0 target 0 lun 0
da0: <IBM DNES-318350W S80K> Fixed Direct Access SCSI-3 device
da0: 40.000MB/s transfers (20.000MHz, offset 8, 16bit), Tagged Queueing Enabled
da0: 17501MB (35843670 512 byte sectors: 255H 63S/T 2231C)

Hope @SirDice doesn't see that, he'll have a heart attack.
Edit: Just realised @SirDice is in this thread...
 
I semi-recently (about a year ago) resurrected an old AthlonXP 2000+ box.

It failed to boot, like the hard drive wasn't even there. But it was. Now for the funny part.. the drive wouldn't even spin.. I plugged it in and heard the motor attempt to spin.. but it didn't.. I bumped it with the palm of my hand, and it started spinning! Then it booted into a really old Gentoo Linux system. I then zero'd out the drive, put FreeBSD 9.0-RELEASE on it, added a PCI SATA card and some drives into the box, and ran it as a NAS until a few months ago, when I decided it was costing me more in electricity than it was worth to have the NAS.
 
break19 said:
I bumped it with the palm of my hand, and it started spinning!

Classics :) That happened to me on my test server ~8 years ago. The system disk had a problem spinning up upon startup and the head made very ugly noises once it actually did spin up. I was so frustrated I hit it with my fist and voilà, I was able to recover data from it.

I never had to recover the whole server, but I found an old WD 1.2GB Caviar which was used as /var/mail on an old campus Debian mailserver (~year 2001).
 
Yea.. It was a last-ditch effort. The interesting part was, once I did that, and zero'd it out, SMART still didn't report any errors other than excessive spin-up time. No bad sectors, etc.
 
How about starting an old C-64 home computer and viewing some 5"1/2 diskettes from 1985 that are still in working condition? We could still read files on those diskettes without any problems... with an old 1541 disk drive...
 
Also, an old Amiga 500 system still reads diskettes from the 1980s and boots without any problems. My first x86 machine, a 225MHz Pentium MMX from 1998, is still usable and boots with Win98SE. A newer PII 500MHz Compaq still boots and works; it was a networked machine in the old days and runs Win98SE. BTW, it boots faster than any of my more modern machines.
 
johnblue said:
What was being done to keep it protected? That is an impressive amount of time for it to have no problems.

If it was only a mailbox server, then potentially its exposure could be quite limited - all ports blocked except for 22 for remote admin from trusted internal source(s), port 25 blocked from everywhere except a trusted mail relay server, etc.

If all it was exposing was a copy of a POP or IMAP daemon then potentially it may have been quite secure; I don't remember seeing many/any remote exploits for IMAP or POP?


But yeah, if an exploit was to become available, that box would be quite vulnerable and awkward to upgrade in place.
 
johnblue said:
What was being done to keep it protected? That is an impressive amount of time for it to have no problems.

In all honesty, it was slightly 'obscured' because no public DNS record was pointing to it any more ('mail' was a CNAME to its actual hostname, and that CNAME changed along the way), it was firewalled, and (back then) tcpwrapper-ed on most daemons, and there were some scripts tailing all log files to immediately exclude an IP showing suspicious activity upon detection.
 
A few years ago (maybe ~2004) a friend of mine, who owns a computer shop, told me that one of his customers asked him to build and install a small firewall machine for securing their LAN. It was a very simple LAN of Windows machines connected to the internet through an "XP server" that was not a "server": it was the PC of an employee with "Connection Sharing", so they wanted to basically replace the "XP server" machine with a more secure one - and possibly a dedicated one.

But they didn't want to spend too much, and my friend knows nothing about firewalls, so he feared we needed a powerful and expensive machine. So I went in the back of his shop, took an old Pentium 200 MHz zombie with 32 Mb of RAM and 8 GB HDD, installed OpenBSD and configured it as a transparent firewall.

He was amazed, as well as the customer.

For the next three years the firewall worked flawlessly, now I am no longer in contact with them, but maybe it's still alive.
 