Search found 49 matches

by username
2018/02/02 13:33:14
Forum: CentOS 6 - Security Support
Topic: One of my servers is suspected of flooding
Replies: 12
Views: 2368

Re: One of my servers is suspected of flooding

I'd ask them again if they actually know the destination ports as well. It might help narrowing down the problem. Yes, I have asked for more information, telling them the line was truncated. EDIT : Well, they answered that unfortunately they don't have more information. The server is still up sinc...
by username
2018/02/02 13:21:57
Forum: CentOS 6 - Security Support
Topic: One of my servers is suspected of flooding
Replies: 12
Views: 2368

Re: One of my servers is suspected of flooding

avij wrote:"sports: Dynamic (1024-65535), dports"

Source and destination ports .. but did you or they accidentally leave out the destination ports part?
Yep, they removed it or did a wrong cut/paste... :roll:
by username
2018/02/02 11:13:05
Forum: CentOS 6 - Security Support
Topic: One of my servers is suspected of flooding
Replies: 12
Views: 2368

Re: One of my servers is suspected of flooding

There's an awful lot of DNS activity there but that may be because you haven't told tcpdump to not do dns lookups. Try using -n -nn on the tcpdump to give just ip addresses and numerical port info. OK, now I'm using these parameters on both servers : tcpdump -n -nn -w filename8.pcap -i em1 not host...
by username
2018/02/02 10:39:01
Forum: CentOS 6 - Security Support
Topic: One of my servers is suspected of flooding
Replies: 12
Views: 2368

Re: One of my servers is suspected of flooding

It may also be possible that your server is not compromised, but it is still used for DDoS purposes. One example is that if you run a public ntp server without the usual restrict default limited nomodify notrap nopeer noquery configuration option, bad people can use your server for an amplification...
by username
2018/02/02 10:24:40
Forum: CentOS 6 - Security Support
Topic: One of my servers is suspected of flooding
Replies: 12
Views: 2368

Re: One of my servers is suspected of flooding

I turned off several services (ntpd, httpd, mysqld, vsftpd, postfix, fail2ban, munin-node) and changed the credentials. I ran tcpdump on both servers : the secondary one (the one that's potentially compromised) and the main one (configured the same way but hosted by another company). After 15 min run...
by username
2018/02/01 18:27:42
Forum: CentOS 6 - Security Support
Topic: One of my servers is suspected of flooding
Replies: 12
Views: 2368

Re: One of my servers is suspected of flooding

Well, this server is prob lost. I will never know if it's safe. But I wanted to find out where was the breach. If it was caused by an exploit or a misconfiguration. If the other twin server could be attacked the same way. I didn't see anything weird in the logs. Except the vsFTP logs were blank. I'...
by username
2018/02/01 15:54:47
Forum: CentOS 6 - Security Support
Topic: One of my servers is suspected of flooding
Replies: 12
Views: 2368

One of my servers is suspected of flooding

Hi, one of my servers got suspended and put in rescue mode. The hosting company (online.net) told me it was flooding other servers. I asked for more details but they didn't answer. If I don't succeed solving the issue and reboot the server, they will make me pay a kind of fine to unblock it again. W...
by username
2017/11/15 14:24:16
Forum: CentOS 7 - Software Support
Topic: /bin/mail config
Replies: 8
Views: 1095

Re: /bin/mail config

Ha ! Thanks, I will remember next time.
by username
2017/11/15 13:59:18
Forum: CentOS 7 - Software Support
Topic: /bin/mail config
Replies: 8
Views: 1095

Re: /bin/mail config

Ah ok, I was looking for ps -e | grep postfix

I found nothing so I thought it wasn't running. I didn't know it was running as "master"
by username
2017/11/15 13:36:59
Forum: CentOS 7 - Software Support
Topic: /bin/mail config
Replies: 8
Views: 1095

Re: /bin/mail config

Hi, You are right. But I don't understand why... This server is running CentOS 7 but when I compare it to another server running CentOS 6 : $ sudo netstat -tulpen tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 15695 7638/master I couldn't find out how to solve this so I ended up installing sendmail on Cent...