> As a lot of people recommended using tcpdump, here it is. The only
> thing that stands out is the hundreds and thousands of lines like this:
>
> 13:45:49.991592 IP 82.165.252.222.36887 > ns1.galandrex.ee.43077: UDP, length 9216
> 13:45:49.996482 IP 82.165.252.222.36887 > ns1.galandrex.ee.33803: UDP, length 9216
> 13:45:50.001174 IP 82.165.252.222.36887 > ns1.galandrex.ee.63574: UDP, length 9216
> 13:45:50.005955 IP 82.165.252.222.36887 > ns1.galandrex.ee.36618: UDP, length 9216
> 13:45:50.010749 IP 82.165.252.222.36887 > ns1.galandrex.ee.48231: UDP, length 9216
>
> That IP resolves to u15194704.onlinehome-server.com. Seems to be a
> German ISP. After five seconds the capture.out file was already
> 2.8MB. You can see the file here: https://89.219.136.126/capture.out
>
> Thank you again to all the nice people who contacted me. And again,
> it would be nice if you could send me a copy of your reply, because
> I'm not a member of the list (either reply or cc to [EMAIL PROTECTED]).
> Thanks!

Looks like a case of DDoS indeed. The node's DNS A-record better be left pointing to the old IP#, and the IP address changed.

> Joel V.

[SorAlx] ridin' VS1400

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
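
As an added example (not part of the original thread): a small Python parser for the tcpdump text output quoted above that totals packets, bytes and distinct destination ports per source and flags the one-source, many-ports pattern seen in the capture. The function names, the thresholds and the last sample line (192.0.2.10, a documentation address) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# First five lines: the capture quoted in the thread, line wraps rejoined.
# Last line: constructed for contrast (192.0.2.10 is a documentation address).
SAMPLE = """\
13:45:49.991592 IP 82.165.252.222.36887 > ns1.galandrex.ee.43077: UDP, length 9216
13:45:49.996482 IP 82.165.252.222.36887 > ns1.galandrex.ee.33803: UDP, length 9216
13:45:50.001174 IP 82.165.252.222.36887 > ns1.galandrex.ee.63574: UDP, length 9216
13:45:50.005955 IP 82.165.252.222.36887 > ns1.galandrex.ee.36618: UDP, length 9216
13:45:50.010749 IP 82.165.252.222.36887 > ns1.galandrex.ee.48231: UDP, length 9216
13:45:50.500000 IP 192.0.2.10.51515 > ns1.galandrex.ee.domain: UDP, length 45
"""

# time, source host, source port, destination host, destination port, length
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+)\.([\w-]+) > (\S+)\.([\w-]+): "
    r"UDP, length (\d+)$")

def summarize(text):
    """Per-source packets, bytes, distinct destination ports and packets/sec."""
    stats = defaultdict(lambda: {"pkts": 0, "bytes": 0, "ports": set(), "first": None})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a UDP summary line, or a wrapped/truncated one
        ts, src, dport, size = m.group(1), m.group(2), m.group(5), int(m.group(6))
        s = stats[src]
        s["pkts"] += 1
        s["bytes"] += size
        s["ports"].add(dport)
        s["first"] = s["first"] or datetime.strptime(ts, "%H:%M:%S.%f")
        s["last"] = datetime.strptime(ts, "%H:%M:%S.%f")  # midnight wrap not handled
    out = {}
    for src, s in stats.items():
        span = (s["last"] - s["first"]).total_seconds()
        out[src] = {"pkts": s["pkts"], "bytes": s["bytes"], "dst_ports": len(s["ports"]),
                    "pps": s["pkts"] / span if span > 0 else None}
    return out

def suspects(summary, min_pkts=5, min_port_ratio=0.8):
    """Sources with many datagrams and a new destination port on nearly every one."""
    return [src for src, s in summary.items()
            if s["pkts"] >= min_pkts and s["dst_ports"] / s["pkts"] >= min_port_ratio]

if __name__ == "__main__":
    for src, s in summarize(SAMPLE).items():
        print(src, s)
```

To run it on a saved capture, pass the text printed by `tcpdump -r capture.out` to `summarize()`.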

