So you can see from the graph that it's around 100k bits/second or around 10k/second.
I tried firewalling everything, shutting down all the services, but the packets kept coming. Cyber suggested tcpdump, so (as root):
tcpdump -c 10 > tcpdump.out
to get (I removed some entries):
05:29:51.149736 66.28.33.192.1031 > reserved-multicast-range-NOT-delegated.example.com.ms-sql-m: udp 376 [ttl 1]
05:29:51.149987 66.28.33.192.1031 > 227.7.242.73.ms-sql-m: udp 376 [ttl 1]
05:29:51.150478 66.28.33.192.1031 > 239.45.106.74.ms-sql-m: udp 376 [ttl 1]
05:29:51.150975 66.28.33.192.1031 > 235.62.176.254.ms-sql-m: udp 376 [ttl 1]
05:29:51.153068 66.28.33.192.1031 > 235.17.62.111.ms-sql-m: udp 376 [ttl 1]
05:29:51.154165 66.28.33.192.1031 > 227.221.26.40.ms-sql-m: udp 376 [ttl 1]
and a search on Google (and a better search from tigert) yielded the problem. It was the SQL Slammer worm. Annoys me because this security alert was from 4 months ago, and the original patch was posted 10 months ago. Since it's relatively small on the bandwidth, I'll just ignore it for the time being.
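The pattern in that capture (one source sending 376-byte UDP datagrams to ms-sql-m on many different destinations) can be checked automatically. The following is an added example, not part of the original post: the function name, the min_targets threshold and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Classic tcpdump text line: "time src.sport > dst.dport: udp LEN [ttl N]"
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<src>\S+)\.(?P<sport>[\w-]+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+):\s+udp\s+(?P<length>\d+)"
)
SQL_MONITOR_PORTS = {"ms-sql-m", "1434"}  # service name, or numeric form with -n
SLAMMER_PAYLOAD_LEN = 376                 # UDP payload size seen in the capture


def slammer_like_sources(lines, min_targets=3):
    """Return {source: set(destinations)} for hosts that sent 376-byte UDP
    datagrams to the SQL Server monitor port on at least min_targets hosts.
    min_targets is an assumed threshold; tune it for the capture size."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a UDP line in the expected format
        if m["dport"] not in SQL_MONITOR_PORTS:
            continue  # some other service
        if int(m["length"]) != SLAMMER_PAYLOAD_LEN:
            continue  # e.g. a normal 1-byte SQL browser query
        targets[m["src"]].add(m["dst"])
    return {s: d for s, d in targets.items() if len(d) >= min_targets}


# The first six lines are the capture from the post. The last two are
# constructed benign traffic (a DNS query and a 1-byte SQL browser query).
SAMPLE = """\
05:29:51.149736 66.28.33.192.1031 > reserved-multicast-range-NOT-delegated.example.com.ms-sql-m: udp 376 [ttl 1]
05:29:51.149987 66.28.33.192.1031 > 227.7.242.73.ms-sql-m: udp 376 [ttl 1]
05:29:51.150478 66.28.33.192.1031 > 239.45.106.74.ms-sql-m: udp 376 [ttl 1]
05:29:51.150975 66.28.33.192.1031 > 235.62.176.254.ms-sql-m: udp 376 [ttl 1]
05:29:51.153068 66.28.33.192.1031 > 235.17.62.111.ms-sql-m: udp 376 [ttl 1]
05:29:51.154165 66.28.33.192.1031 > 227.221.26.40.ms-sql-m: udp 376 [ttl 1]
05:29:52.000001 192.0.2.10.1045 > 192.0.2.53.domain: udp 44
05:29:52.100000 192.0.2.10.1046 > 192.0.2.20.ms-sql-m: udp 1
""".splitlines()

if __name__ == "__main__":
    for src, dsts in slammer_like_sources(SAMPLE).items():
        print(f"{src}: 376-byte UDP to ms-sql-m on {len(dsts)} distinct hosts")
```

To run it against a saved capture such as tcpdump.out, pass the file's lines to slammer_like_sources() instead of SAMPLE.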
Last Change: Monday, 10-Jan-2005 07:41:02 EST
Disclaimer
The information provided within these pages is provided AS IS, and without any
warranty. Following these directions may (but not limited to)
crash your computer, delete all the information on your hard disk, open up security holes or cause your house to burn down.
I made these pages to provide some information about the setup that I have done,
but I did not proofread it for correctness, and in most cases did not test it.
There are commands in these pages that would definitely delete or corrupt all
the data on your computer (especially the dualboot section). In fact it happened
to me....
So you are on your own!