Gentoo Forums
Network issues... Feels like I am being DOS'd
matart
n00b
Joined: 30 Mar 2015
Posts: 5

Posted: Mon Mar 30, 2015 7:26 pm    Post subject: Network issues... Feels like I am being DOS'd

In the past 2 days my system's network has been running slow. It is a powerful system with a 60 Mbps connection. This is my personal computer.

I looked at dmesg and saw the following:

Code:
nf_conntrack: table full, dropping packet


A quick Google and I see this is what people get when they have too many connections. This is my personal computer, not a big web server.

I ran the following
Code:
/sbin/sysctl net.netfilter.nf_conntrack_count
net.netfilter.nf_conntrack_count = 849303


If I turn off my network this obviously dies, but after turning it back on, after 5 minutes I jump up to this number. (It is so high because I thought I just needed an increase.)

I now look through htop and see that my CPU is running hard (see attached imgur) with a process running
Code:
cat resolv.conf


This looks fishy to me. I next install nethogs and see (see second photo) that I am sending out a bunch of data to random IPs with random ports. I have turned off deluge, plex, nginx, mysql. I cannot find what is sending this data.

HERE ARE THE PHOTOS

http://imgur.com/a/Nmh5Y

Any help is greatly appreciated.
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 7230
Location: almost Mile High in the USA

Posted: Mon Mar 30, 2015 8:07 pm

Your console-kit-daemon is going bonkers too...

Do you see your /proc/interrupts count numbers for your Ethernet interrupts going through the roof too?
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
matart
n00b
Joined: 30 Mar 2015
Posts: 5

Posted: Mon Mar 30, 2015 8:49 pm

It seems I am being used as a node for a DDoS. Any idea on how I can remove it?

If I kill the process then it will restart under a different name.

It will also remove itself.

How can I track down what is monitoring these processes?
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 7230
Location: almost Mile High in the USA

Posted: Mon Mar 30, 2015 9:26 pm

If your machine was truly compromised I'd suggest you reinstall from scratch. There's really not much other way to ensure you're clean from hacking...

Not sure why console-kit-daemon forked so many times, should only be there once... Actually perhaps this is normal for htop, I've never used this before...

/etc/resolv.conf should be a fairly short file, not sure why it's taking that much cpu time...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 5913

Posted: Tue Mar 31, 2015 5:53 pm

eccerr0r wrote:
Not sure why console-kit-daemon forked so many times, should only be there once... Actually perhaps this is normal for htop, I've never used this before...

/etc/resolv.conf should be a fairly short file, not sure why it's taking that much cpu time...

htop can show threads, that's normal.

A `cat` process with five child threads taking 130% cpu is not normal. That box is rooted, disconnect it from the net immediately, nuke it with DBAN and reinstall.
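
A triage sketch for the symptom described in this thread (a process listed as `cat resolv.conf` that respawns under new names and removes itself), added here as an example and not part of any forum post: it walks /proc and flags processes whose executable has been deleted from disk or whose argv[0] does not match the executable, and reports the thread count. The function name `scan_proc` and the output format are assumptions of this example.

```python
import os

def scan_proc(proc_root="/proc"):
    """Return (pid, reason, exe, argv0, threads) for processes worth a closer look."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                argv = fh.read().split(b"\0")
            threads = len(os.listdir(os.path.join(base, "task")))
        except OSError:
            # Kernel threads have no exe link, other users' processes need root,
            # and a process may exit while it is being read.
            continue
        argv0 = argv[0].decode(errors="replace")
        if not argv0:
            continue
        reasons = []
        # The kernel appends " (deleted)" once the backing file is unlinked.
        if exe.endswith(" (deleted)"):
            reasons.append("executable deleted from disk")
            exe = exe[: -len(" (deleted)")]
        # Heuristic only: symlinked binaries (python3 -> python3.11, busybox
        # applets) and programs that set their own title also trip this.
        # A leading "-" marks a login shell and is ignored.
        if os.path.basename(argv0.lstrip("-")) != os.path.basename(exe):
            reasons.append("argv[0] does not match executable")
        if reasons:
            findings.append((int(entry), "; ".join(reasons), exe, argv0, threads))
    return sorted(findings)

if __name__ == "__main__":
    for pid, reason, exe, argv0, threads in scan_proc():
        print(f"{pid:>7}  threads={threads:<3} exe={exe}  argv0={argv0!r}  [{reason}]")
```

Run it as root to see every process. On a box already believed rooted the output is a lead rather than proof, since a rootkit can hide entries from /proc.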