Odd network activity.
Having problems with my Debian server...
I just barely finished installing Etch on my server that used to be running Sarge, and a little while after installing ssh, apache2, and vsftpd, the network connection between the server and the router became severely active. I have no clue what it is doing. I've tried stopping apache, vsftpd, and sshd, but it doesn't have any effect. Restarting won't do it either. Does this mean I have to install Etch again?
Just to try and figure this out, I had my router log network activity for a good while.
Incoming log looks like this -
[Source IP] [Protocol] [Destination Port] [Rule]
207.183.174.176 UDP netbios-ns Dropped
207.183.174.176 UDP netbios-ns Dropped
207.183.175.111 UDP netbios-dgm Dropped
207.183.174.176 UDP netbios-ns Dropped
207.183.175.210 UDP netbios-dgm Dropped
207.183.175.210 UDP netbios-ns Dropped
207.183.175.111 UDP netbios-dgm Dropped
207.183.175.196 UDP netbios-ns Dropped
207.183.175.196 UDP netbios-dgm Dropped
207.183.174.176 UDP netbios-ns Dropped
207.183.175.210 UDP netbios-ns Dropped
207.183.175.111 UDP netbios-dgm Dropped
207.183.175.253 UDP netbios-dgm Dropped
207.183.175.210 UDP netbios-ns Dropped
207.183.175.111 UDP netbios-dgm Dropped
207.183.175.253 UDP netbios-dgm Dropped
207.183.175.111 UDP netbios-ns Dropped
207.183.175.253 UDP netbios-dgm Dropped
207.183.175.210 UDP netbios-dgm Dropped
207.183.175.210 UDP netbios-ns Dropped
207.183.175.253 UDP netbios-dgm Dropped
0.0.0.0 UDP bootps Dropped
And the outgoing log contains only activity from me using the internet on a different computer.
Any suggestions? Or should I just start reinstalling linux?
Or is this some kind of attack?
EDIT: I suppose I should give more information...
The network connection has become too busy for SSH to work anymore, but I now have my monitor and keyboard attached, and the only thing about the computer that is slow at all is the network connection.
Also, the IP of the router is 207.183.174.15, and my router (usually, but not at the moment) forwards ports 21 and 80 to my linux server. I would avoid handing out my IP, but you could easily figure it out from the url of my website...
I just barely finished installing Etch on my server that used to be running Sarge, and a little while after installing ssh, apache2, and vsftpd, the network connection between the server and the router became severely active. I have no clue what it is doing. I've tried stopping apache, vsftpd, and sshd, but it doesn't have any effect. Restarting won't do it either. Does this mean I have to install Etch again?
Just to try and figure this out, I had my router log network activity for a good while.
Incoming log looks like this -
[Source IP] [Protocol] [Destination Port] [Rule]
207.183.174.176 UDP netbios-ns Dropped
207.183.174.176 UDP netbios-ns Dropped
207.183.175.111 UDP netbios-dgm Dropped
207.183.174.176 UDP netbios-ns Dropped
207.183.175.210 UDP netbios-dgm Dropped
207.183.175.210 UDP netbios-ns Dropped
207.183.175.111 UDP netbios-dgm Dropped
207.183.175.196 UDP netbios-ns Dropped
207.183.175.196 UDP netbios-dgm Dropped
207.183.174.176 UDP netbios-ns Dropped
207.183.175.210 UDP netbios-ns Dropped
207.183.175.111 UDP netbios-dgm Dropped
207.183.175.253 UDP netbios-dgm Dropped
207.183.175.210 UDP netbios-ns Dropped
207.183.175.111 UDP netbios-dgm Dropped
207.183.175.253 UDP netbios-dgm Dropped
207.183.175.111 UDP netbios-ns Dropped
207.183.175.253 UDP netbios-dgm Dropped
207.183.175.210 UDP netbios-dgm Dropped
207.183.175.210 UDP netbios-ns Dropped
207.183.175.253 UDP netbios-dgm Dropped
0.0.0.0 UDP bootps Dropped
And the outgoing log contains only activity from me using the internet on a different computer.
Any suggestions? Or should I just start reinstalling linux?
Or is this some kind of attack?
EDIT: I suppose I should give more information...
The network connection has become too busy for SSH to work anymore, but I now have my monitor and keyboard attached, and the only thing about the computer that is slow at all is the network connection.
Also, the IP of the router is 207.183.174.15, and my router (usually, but not at the moment) forwards ports 21 and 80 to my linux server. I would avoid handing out my IP, but you could easily figure it out from the url of my website...
Comments
How do I keep my 3Com 905BX (guessing here, that might not be my card) from netbooting?
I'm playing with my BIOS right now to see what I can do.
EDIT: Nothing in the BIOS but NETBOOT for a boot option. I tried turning it on, but it just gave up after a while and booted to my 1st HD. No dice.
I'm going to try and find a spare NIC now....
EDIT AGAIN: It is a 905B-TX, and it is the only one I have on hand... I can't get it to stop. I've taken it out and stuff, it refuses to quit.
EDIT AGAIN AGAIN: I think I fixed my problem. I used a different port on the router, and I also had pulled the card out of the computer for a while. Now investigating to see which thing did it... I'm also going to continue transferring files onto my server via FTP to see if there was an actual cause...
EDIT AGAIN AGAIN AGAIN: Among other things, the transfer LED on my NIC is now brighter... I wonder if it was having slight problems before
LAST EDIT: It's the port on the router....I have no clue how...still investigating. And I'm going to restore the default settings on the router.
Anyway, I don't think I've ever had a question answered on a forum...
Quick recap - Every time I plug anything into port two of my router, it immediatly starts to get pounded.
Log on the router shows netboot packets, even when nothing is plugged into port two, but only port two seems to be affected.
I've restored default settings on the router and I have even reinstalled the firmware, but it still does it...