I would have thought so too excep that it's always a different host. It's usually inside of Verizon though.
>-----Original Message----- >From: Chuck Swiger [mailto:[EMAIL PROTECTED] >Sent: Wednesday, October 18, 2006 4:33 PM >To: Andresen, Jason R. >Cc: [email protected] >Subject: Re: Runaway kernel? Or an attack? > >On Oct 18, 2006, at 1:07 PM, Andresen, Jason R. wrote: >> Ok, I have a recurring problem with my webserver. Once a >day or so it >> gets locked into a loop with some random server usually somewhere >> in my >> ISP. When it does this, it spends all of its time spitting out >> packets >> and getting FIN, ACKs back. >> >> Shutting down the HTTP server doesn't stop the traffic. I have to >> create firewall rules to block the outgoing traffic to stop it. > >Frankly, this sounds more like the random remote host has been >compromised, rather than your machine, and it is scanning the network >for other hosts to attack. What URLs are being requested (check the >http logs)? > >> Here's a short tcpdump of the traffic when it happens, these packets >> are going out at a rate of thousands per second. The 192.168.42.2 is >> the local host and 192.76.86.83 is the apparently random victim: > >I'd talk to verizon.com and ask them what is going on from their side >with that host... > >-- >-Chuck > > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
