[H-GEN] bombardment

Martin C mczaplej at bigpond.net.au
Mon Mar 11 22:35:46 EST 2002


[ Humbug *General* list - semi-serious discussions about Humbug and  ]
[ Unix-related topics.  Please observe the list's charter.           ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]

Greetings all,


I haven't posted here for a while, but I'm always reading the posts people
make and savouring the good info that passes through this mailing list.
Finally I find myself with an issue that's got me stumped (this happens
several times a day :)

I've got a Debian box on a Micro Pentium 233mmx with 128 MB of RAM. This
box has 2 NICs and acts as my router, firewall, samba, squid, mysql and web
server. Everything is seemingly fine, but for one thing. The machine slows
down considerably at various times, and the load goes up to 0.90 for no
apparent reason, remote X applications on my Windows box time out, and
Webmin is very very slow. At times, I telnet in, and manually shut down
services such as sendmail, squid, webmin etc. but this doesn't solve the
problem, the load remains 0.90.
This is very annoying. In the past I had an identical setup on a Dell
166mmx with 64 MB of EDO RAM and never had any slowdown issues, therefore I
am puzzled.
Careful log examination reveals a 10.192.52.1 node trying to access my
machine constantly and being rejected by the kernel - could this have an
adverse effect on the machine's performance?

Log extract from a few minutes ago:
Mar 12 12:54:26 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10187 F=0x0000 T=255 (#61)
Mar 12 12:54:41 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10198 F=0x0000 T=255 (#61)
Mar 12 13:00:17 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10442 F=0x0000 T=255 (#61)
Mar 12 13:00:21 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=372 S=0x00 I=10448 F=0x0000 T=255 (#61)
Mar 12 13:00:21 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=372 S=0x00 I=10451 F=0x0000 T=255 (#61)
Mar 12 13:00:21 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10452 F=0x0000 T=255 (#61)
Mar 12 13:00:30 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10461 F=0x0000 T=255 (#61)
Mar 12 13:00:47 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10468 F=0x0000 T=255 (#61)
Mar 12 13:04:42 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=372 S=0x00 I=10618 F=0x0000 T=255 (#61)
Mar 12 13:04:42 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=372 S=0x00 I=10620 F=0x0000 T=255 (#61)
Mar 12 13:04:42 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=372 S=0x00 I=10622 F=0x0000 T=255 (#61)
Mar 12 13:04:42 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=372 S=0x00 I=10623 F=0x0000 T=255 (#61)
Mar 12 13:04:45 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=372 S=0x00 I=10627 F=0x0000 T=255 (#61)
Mar 12 13:04:46 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=372 S=0x00 I=10629 F=0x0000 T=255 (#61)
Mar 12 13:06:26 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10711 F=0x0000 T=255 (#61)
Mar 12 13:06:31 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10713 F=0x0000 T=255 (#61)
Mar 12 13:06:37 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10720 F=0x0000 T=255 (#61)
Mar 12 13:06:53 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10727 F=0x0000 T=255 (#61)
Mar 12 13:10:20 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=372 S=0x00 I=10873 F=0x0000 T=255 (#61)
Mar 12 13:10:20 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=372 S=0x00 I=10875 F=0x0000 T=255 (#61)

The above took a full minute to view in the Webmin interface?????
What's even more puzzling, I've just realised, is that eth1 is the internal
interface!!! Could this be a security breach?

Any suggestions and ideas would be very appreciated,


kind regards,


Martin.
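
Added example, not part of the original post: a small Python triage script for ipchains "Packet log" entries like the ones quoted above, grouping denied packets by interface, rule, source and traffic shape. The first two sample entries are copied from the post; the third entry and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Field layout as it appears in the post's log extract. Using \s+ between
# fields lets an entry that a mail client wrapped onto two lines still match.
ENTRY = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:\s+"
    r"Packet log:\s+(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+"
    r"PROTO=(?P<proto>\d+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+L=(?P<length>\d+)\s+S=\S+\s+I=\d+\s+"
    r"F=\S+\s+T=(?P<ttl>\d+)\s+\(#(?P<rule>\d+)\)"
)

def parse(text):
    """Return one dict per log entry found in text, numeric fields as int."""
    entries = []
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        for key in ("proto", "sport", "dport", "length", "ttl", "rule"):
            e[key] = int(e[key])
        entries.append(e)
    return entries

def classify(e):
    """Label well-known shapes: UDP (protocol 17) 67 -> 68 is a BOOTP/DHCP
    server talking to clients, 68 -> 67 is a client asking for a lease."""
    if e["proto"] == 17 and (e["sport"], e["dport"]) == (67, 68):
        return "dhcp-server-reply"
    if e["proto"] == 17 and (e["sport"], e["dport"]) == (68, 67):
        return "dhcp-client-request"
    return "other"

def summarise(text):
    """Count entries per (iface, action, rule number, source, class)."""
    counts = Counter()
    for e in parse(text):
        counts[(e["iface"], e["action"], e["rule"], e["src"], classify(e))] += 1
    return counts

# First two entries copied from the post (wrapped as mailed); the third is
# constructed, using a documentation address range.
SAMPLE = """\
Mar 12 12:54:26 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10187 F=0x0000 T=255 (#61)
Mar 12 12:54:41 sugar kernel: Packet log: input DENY eth1 PROTO=17
10.192.52.1:67 255.255.255.255:68 L=349 S=0x00 I=10198 F=0x0000 T=255 (#61)
Mar 12 13:11:02 sugar kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.10:137 192.0.2.255:137 L=78 S=0x00 I=4411 F=0x0000 T=128 (#12)
"""

if __name__ == "__main__":
    for key, n in summarise(SAMPLE).most_common():
        print(n, *key)
```

Run over a full log, the summary shows at a glance which rule and interface account for the denied packets and whether they are broadcast DHCP traffic or something else.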

