Runaway kernel? Or an attack?

Andresen, Jason R. jandrese at
Thu Oct 19 14:17:28 UTC 2006

I would have thought so too excep that it's always a different host.
It's usually inside of Verizon though. 

>-----Original Message-----
>From: Chuck Swiger [mailto:cswiger at] 
>Sent: Wednesday, October 18, 2006 4:33 PM
>To: Andresen, Jason R.
>Cc: freebsd-stable at
>Subject: Re: Runaway kernel? Or an attack?
>On Oct 18, 2006, at 1:07 PM, Andresen, Jason R. wrote:
>> Ok, I have a recurring problem with my webserver.  Once a 
>day or so it
>> gets locked into a loop with some random server usually somewhere  
>> in my
>> ISP.  When it does this, it spends all of its time spitting out  
>> packets
>> and getting FIN, ACKs back.
>> Shutting down the HTTP server doesn't stop the traffic.  I have to
>> create firewall rules to block the outgoing traffic to stop it.
>Frankly, this sounds more like the random remote host has been  
>compromised, rather than your machine, and it is scanning the network

>for other hosts to attack.  What URLs are being requested (check the  
>http logs)?
>> Here's a short tcpdump of the traffic when it happens, these packets
>> are going out at a rate of thousands per second.  The
>> the local host and is the apparently random victim:
>I'd talk to and ask them what is going on from their side

>with that host...

More information about the freebsd-stable mailing list