Runaway kernel? Or an attack?
Andresen, Jason R.
jandrese at mitre.org
Thu Oct 19 14:17:28 UTC 2006
I would have thought so too excep that it's always a different host.
It's usually inside of Verizon though.
>From: Chuck Swiger [mailto:cswiger at mac.com]
>Sent: Wednesday, October 18, 2006 4:33 PM
>To: Andresen, Jason R.
>Cc: freebsd-stable at freebsd.org
>Subject: Re: Runaway kernel? Or an attack?
>On Oct 18, 2006, at 1:07 PM, Andresen, Jason R. wrote:
>> Ok, I have a recurring problem with my webserver. Once a
>day or so it
>> gets locked into a loop with some random server usually somewhere
>> in my
>> ISP. When it does this, it spends all of its time spitting out
>> and getting FIN, ACKs back.
>> Shutting down the HTTP server doesn't stop the traffic. I have to
>> create firewall rules to block the outgoing traffic to stop it.
>Frankly, this sounds more like the random remote host has been
>compromised, rather than your machine, and it is scanning the network
>for other hosts to attack. What URLs are being requested (check the
>> Here's a short tcpdump of the traffic when it happens, these packets
>> are going out at a rate of thousands per second. The 192.168.42.2
>> the local host and 126.96.36.199 is the apparently random victim:
>I'd talk to verizon.com and ask them what is going on from their side
>with that host...
More information about the freebsd-stable