ssh, daemon, and system errors

John DeStefano john.destefano at gmail.com
Mon Oct 18 08:38:39 PDT 2004


Greetings FBSD-Q listers,

Some may recall that I (and a few other folks) reported a massive
outburst of ssh connection hammerings on my FBSD 5.0-RELEASE machine a
few months ago.  The connection attempts are still occurring, usually
about 5-10 attempts per day, but occasionally I get a log of someone
from a single IP address hammering 50-100 times, and trying to use
such accounts as nobody, www, operator, and ftp.  There is no record
of success by any of these attempts, but I am aware that a
well-educated intruder could easily have erased their tracks.
Responses from the list included checking 'last' (mine was clean) and
using "PermitRootLogin no" in sshd_config.  I'm sure more suggestions
would include invoking a jailed environment, but I've got no
experience in this aside from RTFM.  I still don't feel comfortable
that this machine won't be broken into, if it hasn't been already, so
I'm open to suggestions on how to tighten things up.

In addition to this, I'm beginning to experience some other problems
on the machine--maybe related, maybe not, but it seems an odd
coincidence that this stuff would begin to break now after about 2
years of near-flawless server performance.  Many of these could surely
be network-related, but I'm not seeing network problems with other
client machines on this network:

cvsup still works perfectly; I run it once a week via crontab entry to
update everything.

ddclient (my ISP assigns dynamic IP addresses) worked fine until about
a week ago; since then, I get sporadic socket errors about bad host
names and not being able to connect.

sshd has always been rock solid until the last few days.  Since then,
I'm getting timeouts when trying to connect (remotely and from the
local network), no matter if I try to connect via a hostname, domain
name, or IP address, but not _all_ of the time.  It seems like I can
connect about 1/3 of the time, but even then my sessions time out when
I'm idle for a very short time, or sometimes while I'm actually typing
(which is in fact what happened to me just now).

httpd performance has been just as sporadic as sshd, which is a very
bad thing.  I haven't changed my httpd.config in a year.

bind has never worked properly, but I am certain that issue is related
only to my inexperience.

samba has been screwy.  I run a local script to connect to mount_smbfs
shares on the network and offer shared directories on this machine.
Lately, the shares either don't get connected, or show up in my daily
logs as being connected twice.

I don't run an ftp on this machine, and that's just about every
network daemon I run that I can think of (without being able to connect
to the machine to check).

Finally, I've not been able to update the source on this machine; I
keep getting 'error code 1' exit messages, and although I am able to
update the index with 'make fetchindex', 'make index' thereafter gives
a similar error.

I realize none of these are addressable directly without more
information and evidence.  I wanted to get opinions first before
flooding the list with log and config data, but I would be glad to
provide the contents of any files, or any other info, on request.

This machine has never been this screwed up, so I'm thinking of trying
a reinstall or upgrade, but I didn't take good notes while setting
this thing up a while ago and I'm nervous about losing settings, or
even worse, data.  I'm also worried that I won't be able to get
everything back up and running the way it was.  But I suppose the
alternative is to leave it as-is, and that's not working very well.

Looking forward to your thoughts.

Thanks,
~John
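A defender's way to quantify the hammering John describes, as an added example that is not part of the original post: a small Python script that parses OpenSSH log lines in the style sshd of that era wrote to /var/log/auth.log ('Illegal user ...', 'Failed password for ...', 'Accepted password for ...'), counts failures per source address, lists the account names each address tried, and flags any accepted login from an address that also failed. The hostname, addresses and log lines are constructed; the threshold of 50 is the figure from the post, and it only catches what sshd actually logged.

```python
import re
from collections import defaultdict

# Constructed sample log lines (RFC 5737 documentation addresses, fictional host).
SAMPLE_LOG = """\
Oct 17 03:12:01 mybox sshd[812]: Illegal user nobody from 198.51.100.7
Oct 17 03:12:03 mybox sshd[814]: Failed password for www from 198.51.100.7 port 4021 ssh2
Oct 17 03:12:05 mybox sshd[816]: Failed password for illegal user operator from 198.51.100.7 port 4022 ssh2
Oct 17 03:12:07 mybox sshd[818]: Failed password for ftp from 198.51.100.7 port 4023 ssh2
Oct 17 09:40:11 mybox sshd[901]: Failed password for john from 192.0.2.55 port 51022 ssh2
Oct 17 09:40:20 mybox sshd[903]: Accepted password for john from 192.0.2.55 port 51022 ssh2
Oct 17 11:02:44 mybox sshd[950]: Failed password for root from 203.0.113.9 port 2200 ssh2
"""

# Both failure forms OpenSSH 3.x used; group 1 or 2 is the user, group 3 the source address.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: (?:Illegal user (\S+)|Failed password for (?:illegal user )?(\S+)) from (\S+)")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")


def summarize(log_text, threshold=50):
    """Return (bursts, suspicious).

    bursts: {ip: (failure_count, sorted account names tried)} for every address
            with at least `threshold` failures.
    suspicious: [(ip, user)] for accepted logins from an address that also failed,
            which is the first thing to cross-check against 'last' output.
    """
    failures = defaultdict(lambda: {"count": 0, "users": set()})
    accepted = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            ip = m.group(3)
            failures[ip]["count"] += 1
            failures[ip]["users"].add(m.group(1) or m.group(2))
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m.group(2), m.group(1)))
    bursts = {ip: (rec["count"], sorted(rec["users"]))
              for ip, rec in failures.items() if rec["count"] >= threshold}
    suspicious = [(ip, user) for ip, user in accepted if ip in failures]
    return bursts, suspicious


if __name__ == "__main__":
    # Low threshold so the short constructed sample produces output.
    bursts, suspicious = summarize(SAMPLE_LOG, threshold=3)
    for ip, (count, users) in bursts.items():
        print(f"{ip}: {count} failures, accounts tried: {', '.join(users)}")
    for ip, user in suspicious:
        print(f"check 'last': accepted login for {user} from {ip} after failures")
```

Run it against a real file with `summarize(open("/var/log/auth.log").read())`; any address in `bursts` is a candidate for a firewall rule, and anything in `suspicious` deserves a look before trusting 'last' alone.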

