Date: Tue, 7 Aug 2001 22:52:56 -0400 (EDT)
From: Jim Freeze <jim@freeze.org>
To: "Jonathan M. Slivko" <jslivko@blinx.net>
Cc: <questions@freebsd.org>
Subject: RE: Why is my network so busy?
Message-ID: <Pine.BSF.4.32.0108072252310.23744-100000@www.stelesys.com>
In-Reply-To: <000601c11fa5$a7d0d2f0$8701a8c0@equinox>
On Tue, 7 Aug 2001, Jonathan M. Slivko wrote:

> Probably Code Red flowing through your network to find vulnerable
> machines to hack. Same thing is happening here on my Road Runner
> account. -- Jonathan

Are there some ports I can shut down to stop the traffic?

Jim

> --
> Jonathan M. Slivko <jslivko@blinx.net>
> Blinx Networks, Inc.
> http://www.blinx.net
>
> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Jim Freeze
> Sent: Tuesday, August 07, 2001 7:29 PM
> To: questions@freebsd.org
> Subject: Why is my network so busy?
>
> Hi:
>
> I noticed that the lights on my cable modem are flashing
> constantly, like my network is very busy.
>
> My FBSD box acts as a firewall and a gateway.
> Nothing is connected to the LAN but a single, inactive PC.
>
> I'm afraid I don't know much about networks or how to debug
> tcpdump, but I would appreciate it if someone could glance
> over the following snippet and tell me if there is anything
> I need to be concerned about.
>
> Thanks
>
>
> tcpdump
> 19:25:59.974705 eeyore1.1692 > vdgh1.mia.xpc-mii.net.http: . ack 1 win 17520 (DF)
> 19:25:59.976092 eeyore1.1692 > vdgh1.mia.xpc-mii.net.http: P 1:370(369) ack 1 win 17520 (DF)
> 19:26:00.046297 vdgh1.mia.xpc-mii.net.http > eeyore1.1692: . ack 370 win 64240 (DF)
> 19:26:00.046794 vdgh1.mia.xpc-mii.net.http > eeyore1.1692: P 1:48(47) ack 370 win 64240 (DF)
> 19:26:00.047213 vdgh1.mia.xpc-mii.net.http > eeyore1.1692: P 48:87(39) ack 370 win 64240 (DF)
> 19:26:00.060552 eeyore1.1692 > vdgh1.mia.xpc-mii.net.http: F 370:370(0) ack 87 win 17520 (DF)
> 19:26:00.075043 arp who-has 65.8.166.182 tell 65.8.166.1
> 19:26:00.081904 arp who-has 65.8.166.75 tell 65.8.166.1
> 19:26:00.084998 arp who-has 65.8.166.12 tell 65.8.166.1
> 19:26:00.123547 vdgh1.mia.xpc-mii.net.http > eeyore1.1692: . ack 371 win 64240 (DF)
> 19:26:00.123994 vdgh1.mia.xpc-mii.net.http > eeyore1.1692: F 87:87(0) ack 371 win 64240 (DF)
> 19:26:00.124141 eeyore1.1692 > vdgh1.mia.xpc-mii.net.http: . ack 88 win 17520 (DF)
> 19:26:00.127217 arp who-has ci845718-h.lxintn1.ky.home.com tell 24.14.41.1
> 19:26:00.127786 arp who-has 65.8.166.109 tell 65.8.166.1
> 19:26:00.135566 arp who-has 24.178.230.210 tell 24.178.230.1
> 19:26:00.151353 eeyore1.3775 > dns1.domain: 42860+ (45)
> 19:26:00.286186 dns1.domain > eeyore1.3775: 42860 NXDomain* 0/1/0 (129)
> 19:26:00.291819 eeyore1.3776 > dns1.domain: 42861+ (42)
> 19:26:00.396765 arp who-has 65.8.166.105 tell 65.8.166.1
> 19:26:00.456239 arp who-has 24.178.230.144 tell 24.178.230.1
> 19:26:00.569802 dns1.domain > eeyore1.3776: 42861 NXDomain* 0/1/0 (124)
> 19:26:00.582390 eeyore1.3777 > dns1.domain: 42862+ (43)
> 19:26:00.610029 arp who-has 24.178.230.102 tell 24.178.230.1
> 19:26:00.627598 arp who-has 24.178.230.211 tell 24.178.230.1
> 19:26:00.681116 dns1.domain > eeyore1.3777: 42862* 1/2/2 (183)
> 19:26:00.688916 eeyore1.3778 > dns1.domain: 42863+ (43)
> 19:26:00.785364 dns1.domain > eeyore1.3778: 42863 NXDomain* 0/1/0 (125)
> 19:26:00.791320 eeyore1.3779 > dns1.domain: 42864+ (43)
> 19:26:00.794975 arp who-has ct28536-a.lxintn1.ky.home.com tell 24.14.41.1
> 19:26:00.818941 arp who-has 65.8.166.36 tell 65.8.166.1
> 19:26:00.898762 dns1.domain > eeyore1.3779: 42864* 1/2/2 (183)
> 19:26:00.902201 eeyore1.3780 > dns1.domain: 42865+ (42)
>
> eeyore1 is my machine.
>
> The first few lines that netstat returns:
>
> netstat
> Active Internet connections
> Proto Recv-Q Send-Q  Local Address          Foreign Address         (state)
> tcp        0      0  eeyore1.1890           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1889           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1888           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1887           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1886           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1885           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1884           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1883           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1882           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1881           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1880           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1879           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1878           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1877           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1875           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1874           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1873           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1872           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1871           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1870           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1869           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1868           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1867           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1866           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1865           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1864           vdgh1.mia.xpc-mi.http   TIME_WAIT
> tcp        0      0  eeyore1.1810           64.14.52.217.http       CLOSE_WAIT
> tcp        0      0  eeyore1.http           c22680-a.roalok1.3588   ESTABLISHED
> tcp        0      0  eeyore1.982            bell.ssh                ESTABLISHED
> tcp        0      0  eeyore1.49155          *.*                     LISTEN
> tcp        0      0  eeyore1.http           *.*                     LISTEN
> udp        0      0  eeyore.netbios-dgm     *.*
>
> I don't know what this vdgh1 is.
>
>
> =========================================================
> Jim Freeze
> jim@freeze.org
> ---------------------------------------------------------
> No comment at this time.
> http://www.freeze.org
> =========================================================
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

=========================================================
Jim Freeze
jim@freeze.org
---------------------------------------------------------
No comment at this time.
http://www.freeze.org
=========================================================
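A triage script for output like the tcpdump snippet in the quoted message, added here as an example and not part of the thread. It takes the packet lines from the post (re-joined where the mail wrapped them; eeyore1 is the poster's own machine, as he says), separates the packets eeyore1 actually exchanges from the ARP requests it only overhears on the cable segment, and counts who is broadcasting those requests and how many distinct addresses they are resolving. The parsing is tied to the classic tcpdump text format shown on the page; the function names and the report layout are my own.

```python
import re
from collections import Counter

# Packet lines copied from the tcpdump snippet in the post (tcpdump 3.x text
# format).  Lines the mail client wrapped have been re-joined; nothing else changed.
SAMPLE_TCPDUMP = """\
19:25:59.974705 eeyore1.1692 > vdgh1.mia.xpc-mii.net.http: . ack 1 win 17520 (DF)
19:25:59.976092 eeyore1.1692 > vdgh1.mia.xpc-mii.net.http: P 1:370(369) ack 1 win 17520 (DF)
19:26:00.046297 vdgh1.mia.xpc-mii.net.http > eeyore1.1692: . ack 370 win 64240 (DF)
19:26:00.046794 vdgh1.mia.xpc-mii.net.http > eeyore1.1692: P 1:48(47) ack 370 win 64240 (DF)
19:26:00.047213 vdgh1.mia.xpc-mii.net.http > eeyore1.1692: P 48:87(39) ack 370 win 64240 (DF)
19:26:00.060552 eeyore1.1692 > vdgh1.mia.xpc-mii.net.http: F 370:370(0) ack 87 win 17520 (DF)
19:26:00.075043 arp who-has 65.8.166.182 tell 65.8.166.1
19:26:00.081904 arp who-has 65.8.166.75 tell 65.8.166.1
19:26:00.084998 arp who-has 65.8.166.12 tell 65.8.166.1
19:26:00.123547 vdgh1.mia.xpc-mii.net.http > eeyore1.1692: . ack 371 win 64240 (DF)
19:26:00.123994 vdgh1.mia.xpc-mii.net.http > eeyore1.1692: F 87:87(0) ack 371 win 64240 (DF)
19:26:00.124141 eeyore1.1692 > vdgh1.mia.xpc-mii.net.http: . ack 88 win 17520 (DF)
19:26:00.127217 arp who-has ci845718-h.lxintn1.ky.home.com tell 24.14.41.1
19:26:00.127786 arp who-has 65.8.166.109 tell 65.8.166.1
19:26:00.135566 arp who-has 24.178.230.210 tell 24.178.230.1
19:26:00.151353 eeyore1.3775 > dns1.domain: 42860+ (45)
19:26:00.286186 dns1.domain > eeyore1.3775: 42860 NXDomain* 0/1/0 (129)
19:26:00.291819 eeyore1.3776 > dns1.domain: 42861+ (42)
19:26:00.396765 arp who-has 65.8.166.105 tell 65.8.166.1
19:26:00.456239 arp who-has 24.178.230.144 tell 24.178.230.1
19:26:00.569802 dns1.domain > eeyore1.3776: 42861 NXDomain* 0/1/0 (124)
19:26:00.582390 eeyore1.3777 > dns1.domain: 42862+ (43)
19:26:00.610029 arp who-has 24.178.230.102 tell 24.178.230.1
19:26:00.627598 arp who-has 24.178.230.211 tell 24.178.230.1
19:26:00.681116 dns1.domain > eeyore1.3777: 42862* 1/2/2 (183)
19:26:00.688916 eeyore1.3778 > dns1.domain: 42863+ (43)
19:26:00.785364 dns1.domain > eeyore1.3778: 42863 NXDomain* 0/1/0 (125)
19:26:00.791320 eeyore1.3779 > dns1.domain: 42864+ (43)
19:26:00.794975 arp who-has ct28536-a.lxintn1.ky.home.com tell 24.14.41.1
19:26:00.818941 arp who-has 65.8.166.36 tell 65.8.166.1
19:26:00.898762 dns1.domain > eeyore1.3779: 42864* 1/2/2 (183)
19:26:00.902201 eeyore1.3780 > dns1.domain: 42865+ (42)
"""

# Two line shapes: "<ts> arp who-has <target> tell <requester>" and
# "<ts> <host>.<port> > <host>.<port>: <detail>".  Host names never contain ':'.
ARP_RE = re.compile(r"^\S+ arp who-has (\S+) tell (\S+)$")
IP_RE = re.compile(r"^\S+ ([^\s:]+) > ([^\s:]+):")


def split_endpoint(endpoint):
    """'vdgh1.mia.xpc-mii.net.http' -> ('vdgh1.mia.xpc-mii.net', 'http')."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def triage(lines, local_host):
    """Separate traffic local_host exchanges from traffic it merely overhears."""
    arp_by_requester = Counter()   # who is broadcasting ARP who-has
    arp_targets = set()            # distinct addresses being resolved
    peers = Counter()              # (remote host, remote service) talking with local_host
    overheard_ip = 0               # unicast IP packets that do not involve local_host
    unparsed = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = ARP_RE.match(line)
        if m:
            target, requester = m.groups()
            arp_by_requester[requester] += 1
            arp_targets.add(target)
            continue
        m = IP_RE.match(line)
        if not m:
            unparsed += 1
            continue
        shost, sport = split_endpoint(m.group(1))
        dhost, dport = split_endpoint(m.group(2))
        if shost == local_host:            # outbound: service port is on the far end
            peers[(dhost, dport)] += 1
        elif dhost == local_host:          # inbound: service port is the source
            peers[(shost, sport)] += 1
        else:
            overheard_ip += 1
    return {
        "arp_by_requester": dict(arp_by_requester),
        "arp_distinct_targets": len(arp_targets),
        "peers": dict(peers),
        "overheard_ip": overheard_ip,
        "unparsed": unparsed,
    }


def report(result):
    """Render a triage result as text (returned, not printed)."""
    out = ["Traffic involving the local host:"]
    for (host, svc), n in sorted(result["peers"].items(), key=lambda kv: -kv[1]):
        out.append(f"  {n:4d}  {host}.{svc}")
    out.append("Overheard ARP requests by requester:")
    for req, n in sorted(result["arp_by_requester"].items(), key=lambda kv: -kv[1]):
        out.append(f"  {n:4d}  tell {req}")
    out.append(f"  distinct targets resolved: {result['arp_distinct_targets']}")
    out.append(f"Overheard unicast IP: {result['overheard_ip']}, unparsed: {result['unparsed']}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_TCPDUMP.splitlines(), "eeyore1")))
```

Run on the sample, the report shows nine packets of HTTP with vdgh1.mia.xpc-mii.net and eleven of DNS with dns1, both on ephemeral ports at eeyore1's end (1692, 3775 to 3780), against twelve ARP requests inside one second from three gateway addresses (65.8.166.1, 24.178.230.1, 24.14.41.1) for twelve different hosts, none of which eeyore1 has exchanged a packet with. The script does not say what is driving that sweep; it only separates the two kinds of load. The ARP part is broadcast traffic that is not addressed to eeyore1 at all, so a port filter on the FreeBSD box can affect the HTTP and DNS lines but cannot stop the box from seeing the ARP requests, which is worth knowing before deciding which ports to close.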