Has my fedora 18 installation been hacked?
Ed.Greshko at greshko.com
Fri Mar 15 09:46:59 UTC 2013
On 03/15/13 17:05, Georgios Petasis wrote:
> Hi all,
> I have a small server that I have recently upgraded to fedora 18. After a while, I got notified by
> the provider that their firewall catches thousands of requests, with the following error message:
> *Source IP*: ellogon-SKEL
> *Source Port*: 35442
> *Destination IP*: 184.108.40.206
> *Destination Port*: 53
> *Description*: Dropped UDP DNS request from dmz:ellogon-SKEL/35442 to outside:220.127.116.11/53; packet length 1400 bytes exceeds configured limit of 512 bytes
> I have verified all packages (with rpm -Va), and didn't see anything strange.
> It is strange that the machine is trying to contact a server in USA, isn't it?
> Is there anything else to do, than re-installing the machine?
> (Unfortunately, due to the huge load it creates to their firewall, they remove the network cord from the server, so I have a few hours to debug this...)
Is the destination IP address a single IP address or are there others.
Is your system running a DNS server? If you are running one, is it supposed to be servicing requests from the Internet? If it is supposed to be taking requests from the Internet, have you made sure to configure such that recursion is disabled.
>From now on, at least during winter time, Im going to blame all spelling an grammar erros on the cat sitting on my chest every time I sit down at the computer....
More information about the users