Snort mailing list archives
OFF-Topic: Digitel Router
From: "Bruno Benchimol a.k.a. Misty MSt" <mistymst () ig com br>
Date: Thu, 6 Feb 2003 21:35:06 -0300
I got a problem with a Digitel router. It's consuming my bandwidth in a weirdo mode ... like I'm using MRTG to monitor it, but sometimes it sends high peaks of streaming data, and I don't really know why. (My Snort box isn't fully operational) .. but from what I could find there are some FIN_WAIT connections that are consuming kinda high bandwidth. My connection is a frame relay of a 256k.

I really don't know how to kill those connections in any way. This router only got access to web .. so no telnet/command line... I'm kinda lost... I don't know if that router is being packed... syn flooded or anything like that.

Here is the report from the TCP connections (at least he gives something). I will put one * on the consuming ones.

  Conn Remote Address:Port:Local Port/State Send Send Recv Recv
  Id# Bytes Retries Bytes Retries
  26 200.217.176.112:61254:80/Established 5149 0 447 0
  27 200.217.176.112:61255:80/Established 0 0 317 0
  26 200.217.176.112:61253:80/Time wait 3547 1 319 0
  26 200.217.176.112:61252:80/Time wait 2598 1 437 0
  26 200.53.184.205:3109:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:3089:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:3070:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:3044:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:3026:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:2980:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:2959:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:2936:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:2907:80/FIN wait 2 0 2 0 0
  27 200.53.184.205:2881:80/FIN wait 2 0 2 0 0
  27 200.53.184.205:2852:80/FIN wait 2 0 2 0 0
  27 200.53.184.205:2829:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:2740:80/FIN wait 2 0 2 0 0
  27 200.53.184.205:2807:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:2788:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:2760:80/FIN wait 2 0 2 0 0
* 26 200.30.203.160:37576:80/FIN wait 1 4294967295 11 0 0
  26 217.228.18.70:2400:80/FIN wait 2 0 1 334 0
  26 200.164.25.201:3707:80/FIN wait 2 135 1 98 0
  26 200.164.25.201:3463:80/FIN wait 2 135 1 97 0
  26 200.164.25.201:2458:80/FIN wait 2 135 1 96 0
  26 200.164.25.201:1819:80/FIN wait 2 135 1 145 0
  26 200.164.25.201:4012:80/FIN wait 2 135 1 97 0
  26 200.164.255.42:2200:80/FIN wait 2 135 2 98 0
* 26 200.44.51.150:3536:80/FIN wait 1 4294967295 17 0 1
* 27 194.17.211.132:33397:80/FIN wait 1 4294967295 17 0 0
  27 200.164.100.29:3109:80/FIN wait 2 135 1 97 0
  27 200.164.100.29:3091:80/FIN wait 2 135 1 97 0
* 27 194.17.211.132:31481:80/FIN wait 1 4294967295 17 0 0
  27 200.164.100.29:4563:80/FIN wait 2 135 1 80 0
* 27 200.164.13.149:3227:80/FIN wait 1 4294967295 18 0 1
* 27 200.82.56.177:3088:80/FIN wait 1 4294967295 18 0 1
  27 200.164.91.23:3964:80/FIN wait 2 135 1 117 0
  27 200.164.91.23:2381:80/FIN wait 2 135 1 97 0
  27 200.164.91.23:4011:80/FIN wait 2 135 1 117 0
  27 200.164.91.23:1226:80/FIN wait 2 135 1 97 0
  27 200.164.91.23:4331:80/FIN wait 2 135 1 80 0
  27 200.164.91.23:4834:80/FIN wait 2 135 2 72 0
* 27 147.91.11.72:1228:80/FIN wait 1 4294967295 18 0 2
  27 200.164.91.23:1989:80/FIN wait 2 135 1 97 0
  27 200.164.19.78:4992:80/FIN wait 2 135 1 96 0
  27 200.164.91.23:4175:80/FIN wait 2 135 1 145 0
  27 200.164.19.78:3269:80/FIN wait 2 135 1 100 0
  27 200.164.91.23:2229:80/FIN wait 2 135 1 70 0
  27 200.164.91.23:1575:80/FIN wait 2 135 1 117 0
  27 200.164.140.202:2201:80/FIN wait 2 0 2 0 0
  27 80.200.179.241:4226:80/FIN wait 2 0 1 4 0
  27 200.164.91.23:1661:80/FIN wait 2 135 1 117 0
  27 200.164.91.23:4716:80/FIN wait 2 135 1 117 0
  27 200.164.91.23:2127:80/FIN wait 2 135 1 96 0
  27 200.164.142.221:2404:80/FIN wait 2 0 5 0 0
  27 200.164.142.221:2301:80/FIN wait 2 0 5 0 0
  27 210.176.58.193:23410:80/Closing 34 2143 18 0
  27 63.194.68.53:2330:80/Closing 34 2449 18 0
  27 63.194.68.53:2979:80/Closing 34 2245 18 0
* 27 200.201.111.176:3386:80/FIN wait 1 4294967295 21 0 1
  27 63.145.237.13:2269:80/FIN wait 2 0 1 0 0
  27 24.61.88.177:23641:80/FIN wait 1 0 2617 43 0
  27 66.82.117.36:3284:80/FIN wait 2 135 1 1024 0
  27 200.85.175.104:4237:80/Closing 34 2551 96 0
  27 200.164.248.45:4079:80/FIN wait 2 135 1 80 0
  27 200.164.248.45:4017:80/FIN wait 2 0 2 0 0
  27 200.164.248.45:4706:80/FIN wait 2 135 1 80 0
  27 200.164.248.45:4493:80/FIN wait 2 135 1 70 0
  27 200.164.248.45:3067:80/FIN wait 2 135 1 117 0
  27 200.164.248.45:3503:80/FIN wait 2 135 2 96 0
  27 200.164.248.45:4989:80/FIN wait 2 135 1 117 0
  27 200.164.248.45:4536:80/FIN wait 2 135 1 97 0
  27 200.164.248.45:3104:80/FIN wait 2 135 1 70 0
  27 200.164.248.45:4324:80/FIN wait 2 0 1 0 0
  27 200.164.248.45:4743:80/FIN wait 2 135 1 70 0
  27 200.164.248.45:4583:80/FIN wait 2 0 2 0 0
  27 200.164.248.45:4435:80/FIN wait 2 135 1 117 0

Any help is appreciated.
Thanks in advance,
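Added example, not part of the original post: a Python sketch that parses the router's connection report in the format quoted in the message above, tallies connections by state and by remote host, and flags rows whose Send Bytes counter reads 4294967295 (2^32 - 1), the value on every row the poster starred. The sample rows are copied from the post; the function and field names are illustrative.

```python
import re
from collections import Counter

# Rows copied from the post above, one connection per line.
SAMPLE = """\
Conn Remote Address:Port:Local Port/State Send Send Recv Recv
  26 200.217.176.112:61254:80/Established 5149 0 447 0
  26 200.217.176.112:61253:80/Time wait 3547 1 319 0
  26 200.53.184.205:3109:80/FIN wait 2 0 2 0 0
  26 200.53.184.205:3089:80/FIN wait 2 0 2 0 0
* 26 200.30.203.160:37576:80/FIN wait 1 4294967295 11 0 0
  26 200.164.25.201:3707:80/FIN wait 2 135 1 98 0
  27 210.176.58.193:23410:80/Closing 34 2143 18 0
* 27 147.91.11.72:1228:80/FIN wait 1 4294967295 18 0 2
"""

U32_MAX = 0xFFFFFFFF  # 4294967295, largest value of an unsigned 32-bit counter

# The state can itself end in a digit ("FIN wait 2"), so it is matched lazily
# and the four counters are anchored to the end of the line.
ROW = re.compile(
    r"^(?P<star>\*)?\s*(?P<conn>\d+)\s+(?P<remote>[\d.]+):(?P<rport>\d+):(?P<lport>\d+)"
    r"/(?P<state>.+?)\s+(?P<send>\d+)\s+(?P<sretry>\d+)\s+(?P<recv>\d+)\s+(?P<rretry>\d+)$"
)

def parse_report(text):
    """Return one dict per connection row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        for key in ("conn", "rport", "lport", "send", "sretry", "recv", "rretry"):
            row[key] = int(row[key])
        row["star"] = row["star"] is not None
        rows.append(row)
    return rows

def triage(rows):
    """Count rows by state and by remote host in FIN wait; list saturated counters."""
    by_state = Counter(r["state"] for r in rows)
    fin_wait_hosts = Counter(r["remote"] for r in rows if r["state"].startswith("FIN wait"))
    saturated = [r for r in rows if r["send"] == U32_MAX]
    return by_state, fin_wait_hosts, saturated

if __name__ == "__main__":
    by_state, hosts, saturated = triage(parse_report(SAMPLE))
    print(dict(by_state))
    print(hosts.most_common(3))
    for r in saturated:
        print(r["remote"], r["rport"], r["state"], "send retries:", r["sretry"])
```

Run against the full report, the per-host FIN wait tally shows which remote addresses account for most of the half-closed connections, and the saturated list can be compared with the rows the router's owner marked by hand.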