Dropping Connection

Issues related to configuring your network
alvikashif29
Posts: 3
Joined: 2018/02/04 13:39:21

Dropping Connection

Postby alvikashif29 » 2018/02/05 05:24:27

Hi Everyone,

I have a Centos 7.4.1708 installation on my server which hosts a few KVM instances.

From last week i am facing an issue on my server.

Whenever I connect to server via ssh it just gets disconnected and the ICMP reply get timed out.

However all the VM's installed on the server is accessible and running fine. First I thought it would be some network issue so I changed network cable, switched network ports, update to the latest Centos release and also try stopping firewalld. But the issue is still the same.

Than I thought there was some kind of network crunching going on so I powered off some VM's to see if that resolves the issue, but with no success.

And also there was an incident in my network. Last week when i logged in to my server there were 68 failed login attempts through ssh on the server from other user's Ubuntu Desktop. So i quickly ran

Code: Select all

ps -aef
and found out an unknown script running so I kill that script and deleted it from /tmp folder. I dont remember the name of the script.

I need to resolve this issue by the end of this week.

Please help
Attachments
HMW-VS2_Error.JPG
Error I receive when my ssh gets disconnected.
HMW-VS2_Error.JPG (47.17 KiB) Viewed 238 times
HMW-VS2.JPG
Failed login attempts of last week
HMW-VS2.JPG (37.93 KiB) Viewed 238 times

User avatar
TrevorH
Forum Moderator
Posts: 22600
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Dropping Connection

Postby TrevorH » 2018/02/05 13:18:04

The classic reason for that error is that you have a duplicate ip address on your network. If you take it down and then attempt to ping it from another machine, if it responds then you have a duplicate ip in use.

The other issue is potentially more serious. If this was a root level compromise then you need to back up your data, reinstall the system and restore it.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

alvikashif29
Posts: 3
Joined: 2018/02/04 13:39:21

Re: Dropping Connection

Postby alvikashif29 » 2018/02/06 03:22:19

Thank you for your response.

Actually, it was not an IP issue but a MAC address issue.

Some other VM Player windows machine was having the same MAC address as my server. The same MAC address on the network was causing this issue.

And thanks once again.

For the other issue, you told that i should reinstall the system. Is this really necessary because all the setup that I have done has to be done once again and it will be a very hectic job for me. Is there any other solution to identify that this incident has caused any issue to my server.

Thanks once again.

User avatar
TrevorH
Forum Moderator
Posts: 22600
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Dropping Connection

Postby TrevorH » 2018/02/06 08:28:41

Whether you need to reformat/reinstall is down to whether the attackers had root access. If they did then you can never trust that system ever again and it needs reinstallation. Sorry, but that's the way it is and nothing else is safe. If they didn't have root access then you can probably clean up after them... if you're careful.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

alvikashif29
Posts: 3
Joined: 2018/02/04 13:39:21

Re: Dropping Connection

Postby alvikashif29 » 2018/02/06 08:40:07

I think i should go with re installation, just to be safe.

And thank you for your support.