[BUGS] fxp0 4min DOWN/UP cycle
Jerahmy Pocott
quakenet1 at optusnet.com.au
Tue Jan 15 16:24:50 EST 2008
On 15/01/2008, at 8:57 AM, Edwin Groothuis wrote:
> If the switch has multiple ethernet ports, plug it in something
> different.
>
> Is the problem related to the amount of traffic going over it?
>
> Have you tried a different cable?
Not yet, I plan to try a different port+cable but the whole 4 minutes
exactly between down/up pair really makes me think it's software
related..
It doesn't seem to be related to traffic, although I'm getting a LOT
of login attempts on ssh, but looking at the logs for today the link
went down when no attack was happening?
The attack appears to stop at 11:26:08, the link then goes down at
12:39:04 and the attack resumes at 13:36:11..
Jan 15 11:26:04 beastie sshd[86497]: Invalid user mysql from
193.226.38.34
Jan 15 11:26:08 beastie sshd[86499]: Address 193.226.38.34 maps to
mecanica.ucv.ro, but this does
not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 15 11:26:08 beastie sshd[86499]: Invalid user oracle from
193.226.38.34
Jan 15 12:39:04 beastie kernel: fxp0: link state changed to DOWN
Jan 15 12:39:06 beastie kernel: fxp0: link state changed to UP
Jan 15 12:41:39 beastie kernel: fxp0: link state changed to DOWN
Jan 15 12:41:40 beastie kernel: fxp0: link state changed to UP
Jan 15 13:36:11 beastie sshd[86812]: Did not receive identification
string from 219.238.57.113
Jan 15 13:48:51 beastie sshd[86836]: Invalid user sir from
219.238.57.113
More information about the BUGS
mailing list