Are you running a publicly available NTP service? If so, that's being
exploited as of late to form DDoS botnets, which you may have unwittingly
become a member of. Ntpd, when publicly accessible, can be used for
reflection attacks as part of a DDoS, as mentioned by lukreme. Large floods
of UDP traffic coming from your server would be one indication that this
may be what's taking place.


On Tue, Feb 4, 2014 at 1:12 PM, David Herren <[email protected]> wrote:

> Greetings-
>
> I've been having some issues with large amounts of outbound traffic being
> generated by my OSX Server (all latest updates on Mavericks) on UDP ports
> (2 TB since Jan 20). This is wreaking havoc on my router.
>
> I don't see any evidence of having been p0wned, but I am not a security
> forensics kind of guy (I'm a high school teacher...)
>
> I've tried to see where this traffic is going and identified these two IP
> addresses which don't seem to resolve to anything:
>
> > 192.27.80.161:55747
> > 95.172.65.81:5132
>
> Do those look at all familiar? I do have a pretty large media library
> which would be uploaded to iCloud, but I can't think of anything else that
> would generate this volume of traffic.
>
> Any suggestions?
>
>
> /david
>
> --
> david herren-lage - shoreham, vt us na terra solsys orionarm
>
> Sometimes when you fill a vacuum, it still sucks.
> (kind of like the Bush presidency...)
>
>
>
> _______________________________________________
> MacOSX-admin mailing list
> [email protected]
> http://www.omnigroup.com/mailman/listinfo/macosx-admin
>



-- 
Best Regards,

John Musbach
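
Added example (not part of the original thread, nor written by its participants): one way to check a packet capture for the reflection pattern described above, where the server sends far more UDP from port 123 to a peer than that peer sent to it. It assumes text lines in the form produced by `tcpdump -n -q udp`; the function name, sample addresses, packet sizes and the `min_ratio` threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# One line of `tcpdump -n -q udp` text output, e.g.
#   13:01:02.000001 IP 203.0.113.10.123 > 198.51.100.7.55747: UDP, length 440
LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP, length (\d+)")

# Constructed sample capture (documentation addresses, made-up sizes).
SAMPLE = """\
13:01:01.000001 IP 192.0.2.50.40123 > 203.0.113.10.123: UDP, length 48
13:01:01.000900 IP 203.0.113.10.123 > 192.0.2.50.40123: UDP, length 48
13:01:02.000001 IP 198.51.100.7.55747 > 203.0.113.10.123: UDP, length 8
13:01:02.000400 IP 203.0.113.10.123 > 198.51.100.7.55747: UDP, length 440
13:01:02.000500 IP 203.0.113.10.123 > 198.51.100.7.55747: UDP, length 440
13:01:02.000600 IP 203.0.113.10.123 > 198.51.100.7.55747: UDP, length 440
""".splitlines()

def reflection_report(lines, server_ip, service_port=123, min_ratio=5.0):
    """Return {peer: (bytes_in, bytes_out, ratio)} for peers that receive far
    more from service_port than they sent to it. min_ratio is an assumed
    threshold; ordinary NTP replies are about the size of the request."""
    rx, tx = defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a UDP line in the expected format
        src, sport, dst, dport, size = m.groups()
        if dst == server_ip and int(dport) == service_port:
            rx[src] += int(size)   # request arriving at our NTP port
        elif src == server_ip and int(sport) == service_port:
            tx[dst] += int(size)   # reply leaving our NTP port
    report = {}
    for peer, sent in tx.items():
        got = rx.get(peer, 0)
        ratio = sent / got if got else float("inf")  # replies with no request seen
        if ratio >= min_ratio:
            report[peer] = (got, sent, ratio)
    return report

if __name__ == "__main__":
    for peer, (got, sent, ratio) in reflection_report(SAMPLE, "203.0.113.10").items():
        print(f"{peer}: {got} B in, {sent} B out, x{ratio:.0f}")
```

A peer listed in the report is most likely the spoofed victim address rather than the party sending the requests.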