Welcome to Hell / Mysterious networking troubles on FreeBSD
soralx at cydem.org
Sat Nov 24 06:37:09 PST 2007
> As a lot of people recommended using tcpdump, here it is. The only
> thing that stands out are hundreds and thousands of lines like this:
>
> 13:45:49.991592 IP 82.165.252.222.36887 > ns1.galandrex.ee.43077: UDP, length 9216
> 13:45:49.996482 IP 82.165.252.222.36887 > ns1.galandrex.ee.33803: UDP, length 9216
> 13:45:50.001174 IP 82.165.252.222.36887 > ns1.galandrex.ee.63574: UDP, length 9216
> 13:45:50.005955 IP 82.165.252.222.36887 > ns1.galandrex.ee.36618: UDP, length 9216
> 13:45:50.010749 IP 82.165.252.222.36887 > ns1.galandrex.ee.48231: UDP, length 9216
>
> That IP resolves to u15194704.onlinehome-server.com. Seems to be a
> German ISP. After five seconds the capture.out file was already
> 2.8MB. You can see the file here: https://89.219.136.126/capture.out
>
> Thank you again to all the nice people who contacted me. And again,
> it would be nice if you could send me a copy of your reply, because
> I'm not a member of the list (either reply or cc to joel at spirit.ee).
> Thanks!
Looks like a case of DDoS indeed. The node's DNS A-record better be
left pointing to the old IP#, and the IP address changed.
> Joel V.
[SorAlx] ridin' VS1400
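
The pattern in the quoted capture (one source, large UDP datagrams a few milliseconds apart, a different destination port on every packet) can be picked out of tcpdump text output mechanically. The following is an added example, not part of the original message: a small Python triage script that summarizes a capture per source/destination pair and flags random-port UDP floods. The thresholds and the `192.0.2.10` line are constructed assumptions; the other five sample lines are the ones quoted above.

```python
import re
from collections import defaultdict

# tcpdump's default one-line text format for UDP over IPv4, as in the quoted capture.
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)$"
)

# The five lines from the quoted capture (re-joined), plus one constructed benign DNS query.
SAMPLE = """\
13:45:49.991592 IP 82.165.252.222.36887 > ns1.galandrex.ee.43077: UDP, length 9216
13:45:49.996482 IP 82.165.252.222.36887 > ns1.galandrex.ee.33803: UDP, length 9216
13:45:50.001174 IP 82.165.252.222.36887 > ns1.galandrex.ee.63574: UDP, length 9216
13:45:50.005955 IP 82.165.252.222.36887 > ns1.galandrex.ee.36618: UDP, length 9216
13:45:50.010749 IP 82.165.252.222.36887 > ns1.galandrex.ee.48231: UDP, length 9216
13:45:50.020000 IP 192.0.2.10.53124 > ns1.galandrex.ee.53: UDP, length 45
"""

def summarize(text):
    """Aggregate packets, bytes, destination ports and time span per (src, dst) pair."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "ports": set(), "first": None, "last": None})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip non-UDP lines and lines broken by mail wrapping
        hh, mm, ss, src, _sport, dst, dport, length = m.groups()
        ts = int(hh) * 3600 + int(mm) * 60 + float(ss)  # assumes no midnight rollover
        f = flows[(src, dst)]
        f["packets"] += 1
        f["bytes"] += int(length)
        f["ports"].add(int(dport))
        f["first"] = ts if f["first"] is None else f["first"]
        f["last"] = ts
    return flows

def suspects(flows, min_packets=5, min_pps=100.0, min_port_spread=0.8):
    """Return (src, dst, pps, port_spread) for pairs that look like a random-port UDP flood.

    The default thresholds are illustrative assumptions, not tuned values.
    """
    out = []
    for (src, dst), f in flows.items():
        span = f["last"] - f["first"]
        if f["packets"] < min_packets or span <= 0:
            continue
        pps = (f["packets"] - 1) / span          # packets per second from inter-arrival gaps
        spread = len(f["ports"]) / f["packets"]  # 1.0 means every packet hit a new port
        if pps >= min_pps and spread >= min_port_spread:
            out.append((src, dst, round(pps, 1), spread))
    return out

if __name__ == "__main__":
    for row in suspects(summarize(SAMPLE)):
        print(row)
```

On a real capture, feed it the output of `tcpdump -r capture.out` and raise `min_packets` well above the sample-sized default.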