Date: Sat, 24 Nov 2007 06:36:37 -0800
From: soralx@cydem.org
To: joel@smail.ee
Cc: freebsd-hackers@freebsd.org
Subject: Re: Welcome to Hell / Mysterious networking troubles on FreeBSD
Message-ID: <20071124063637.27a877a8@soralx>
In-Reply-To: <003301c82e99$6c099360$0200a8c0@windsor>
References: <003301c82e99$6c099360$0200a8c0@windsor>

> As a lot of people recommended using tcpdump, here it is. The only
> thing that stands out, are hundreds and thousands of lines like this:
>
> 13:45:49.991592 IP 82.165.252.222.36887 > ns1.galandrex.ee.43077: UDP, length 9216
> 13:45:49.996482 IP 82.165.252.222.36887 > ns1.galandrex.ee.33803: UDP, length 9216
> 13:45:50.001174 IP 82.165.252.222.36887 > ns1.galandrex.ee.63574: UDP, length 9216
> 13:45:50.005955 IP 82.165.252.222.36887 > ns1.galandrex.ee.36618: UDP, length 9216
> 13:45:50.010749 IP 82.165.252.222.36887 > ns1.galandrex.ee.48231: UDP, length 9216
>
> That IP resolves to u15194704.onlinehome-server.com. Seems to be a
> German ISP. After five seconds the capture.out file was already
> 2.8MB. You can see the file here: https://89.219.136.126/capture.out
>
> Thank you again to all the nice people who contacted me. And again,
> it would be nice if you could send me a copy of your reply, because
> I'm not a member of the list (either reply or cc to joel@spirit.ee).
> Thanks!

Looks like a case of DDoS indeed. The node's DNS A-record better
be left pointing to the old IP#, and the IP address changed.

> Joel V.

[SorAlx] ridin' VS1400
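
Added example, not part of the original message: a small Python summarizer for tcpdump text output like the lines quoted above, reporting packets, bytes, distinct destination ports and packet rate per source/destination pair. The function names, the flagging thresholds and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# tcpdump text line: "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)$")

# First five lines are the ones quoted in the message; the last is constructed.
SAMPLE = """\
13:45:49.991592 IP 82.165.252.222.36887 > ns1.galandrex.ee.43077: UDP, length 9216
13:45:49.996482 IP 82.165.252.222.36887 > ns1.galandrex.ee.33803: UDP, length 9216
13:45:50.001174 IP 82.165.252.222.36887 > ns1.galandrex.ee.63574: UDP, length 9216
13:45:50.005955 IP 82.165.252.222.36887 > ns1.galandrex.ee.36618: UDP, length 9216
13:45:50.010749 IP 82.165.252.222.36887 > ns1.galandrex.ee.48231: UDP, length 9216
13:45:50.100000 IP 192.0.2.10.5353 > ns1.galandrex.ee.53: UDP, length 48
""".splitlines()

def summarize(lines):
    """Per (source, destination) pair: packets, bytes, distinct dst ports, rate."""
    flows = defaultdict(lambda: {"n": 0, "bytes": 0, "ports": set(), "t": []})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a UDP line in this format
        h, mi, s, src, _sport, dst, dport, length = m.groups()
        f = flows[(src, dst)]
        f["n"] += 1
        f["bytes"] += int(length)
        f["ports"].add(int(dport))
        f["t"].append(int(h) * 3600 + int(mi) * 60 + float(s))
    report = {}
    for key, f in flows.items():
        span = max(f["t"]) - min(f["t"])  # capture is assumed not to cross midnight
        report[key] = {"packets": f["n"], "bytes": f["bytes"],
                       "dst_ports": len(f["ports"]),
                       "pps": (f["n"] - 1) / span if span > 0 else 0.0}
    return report

def flood_suspects(report, min_pps=100.0, min_port_ratio=0.8):
    """Flag pairs with a high packet rate spread over many destination ports.
    Both thresholds are illustrative assumptions, not values from the thread."""
    return sorted(key for key, r in report.items()
                  if r["pps"] >= min_pps
                  and r["dst_ports"] / r["packets"] >= min_port_ratio)

if __name__ == "__main__":
    rep = summarize(SAMPLE)
    for pair in flood_suspects(rep):
        print(pair, rep[pair])
```
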