[opensuse] SYN flooding on port 6881
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm getting that error in the kernel log, several times, while aria2c is downloading 11.1. Ideas? Should I be worried? Bug? - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAklMHTkACgkQtTMYHG2NR9UiugCeJUIUMSEzBsJToYkyc5QpJpdR RDcAn0Wu4JNXAVlzPo7+pt9cQIwmHacK =yKVJ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 19 December 2008 17:16:24 Carlos E. R. wrote:
Hi, I'm getting that error in the kernel log, several times, while aria2c is downloading 11.1. Ideas? Should I be worried? Bug? -- Cheers, Carlos E. R.
That port sounds like a bit torrent port, check to see what port aria2c uses, ( use azureus sometimes) could be your answer. Mike -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2008-12-19 at 18:07 -0500, ka1ifq wrote:
On Friday 19 December 2008 17:16:24 Carlos E. R. wrote:
Hi, I'm getting that error in the kernel log, several times, while aria2c is downloading 11.1. Ideas? Should I be worried? Bug?
That port sounds like a bit torrent port, check to see what port aria2c uses, ( use azureus sometimes) could be your answer.
Of course that aria2c uses the torrent port, it is documented. The problem is the syn flooding. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAklMLQgACgkQtTMYHG2NR9X0bACbBWrlvQDR/PoMdXwR1u5Umwf5 jPQAn1FtJJTl7Qmag/YP7DnXOrb7uJ7+ =32/I -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 19 December 2008 18:23:49 Carlos E. R. wrote:
On Friday, 2008-12-19 at 18:07 -0500, ka1ifq wrote:
On Friday 19 December 2008 17:16:24 Carlos E. R. wrote:
Hi, I'm getting that error in the kernel log, several times, while aria2c is downloading 11.1. Ideas? Should I be worried? Bug?
That port sounds like a bit torrent port, check to see what port aria2c uses, ( use azureus sometimes) could be your answer.
Of course that aria2c uses the torrent port, it is documented. The problem is the syn flooding.
-- Cheers, Carlos E. R. But of course, it's the others sharing your file. It's probably those trying to get at your file and you already have your limit of connections??
Mike -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2008-12-19 at 18:36 -0500, ka1ifq wrote:
Of course that aria2c uses the torrent port, it is documented. The problem is the syn flooding.
But of course, it's the others sharing your file. It's probably those trying to get at your file and you already have your limit of connections??
I don't know what limit uses aria2c, I haven't configured it. All default. But I don't remember seeing this flooding when I used "btdownloadcurses" the previous time. I wondered if I'm the only one seeing this? - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAklMNfAACgkQtTMYHG2NR9UdIwCfSlx8QM5nMtiR0fMyI4hzYby3 ECUAni3sceSDGwmJe7HxkmEwPHGwnNnM =CMFC -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Carlos E. R.
On Friday, 2008-12-19 at 18:36 -0500, ka1ifq wrote:
Of course that aria2c uses the torrent port, it is documented. The problem is the syn flooding.
But of course, it's the others sharing your file. It's probably those trying to get at your file and you already have your limit of connections??
I don't know what limit uses aria2c, I haven't configured it. All default. But I don't remember seeing this flooding when I used "btdownloadcurses" the previous time.
I wondered if I'm the only one seeing this?
I don't see it, and the defaults for aria2c are (iirc) ~/.aria2c/aria2c.conf # sample configuration file for aria2c file-allocation=prealloc listen-port=60000 seed-ratio=5.0 max-upload-limit=50K ftp-pasv=true -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 19 December 2008 06:01:45 pm Carlos E. R. wrote:
On Friday, 2008-12-19 at 18:36 -0500, ka1ifq wrote:
Of course that aria2c uses the torrent port, it is documented. The problem is the syn flooding.
But of course, it's the others sharing your file. It's probably those trying to get at your file and you already have your limit of connections??
I don't know what limit uses aria2c, I haven't configured it. All default. But I don't remember seeing this flooding when I used "btdownloadcurses" the previous time.
I wondered if I'm the only one seeing this?
Check with netstat -tup or netstat -tupn as root user. It will list tcp and udp connections and processes that use them. The -n is only to skip host name resolution. This time I didn't used aria2c, as from earlier download I still have unsolved unknown/unnamed process running as root, showing in netstat list, and I forgot to ask, just as you did. Though, looking in old logs I can't see synflood attack. It could be that router stopped it. Also worth to mention, when logging in freenode IRC server, I had router reporting attack, while it was probe performed by server announced somewhere in information about freenode. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Carlos E. R. さんは書きました: | | | Hi, | | I'm getting that error in the kernel log, several times, while aria2c is | downloading 11.1. | | Ideas? Should I be worried? Bug? | An enemy of bittorrent? hostile ISP? hostile upstreamer? I've heard reports of such SYN flooding being done in the past. Can you use wireshark or tcpdump and/or etherape to find the origin? Or set up an iptables rule to log them? | -- Cheers, | Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFJTYVghpL3F+HeDrIRAj+hAJ91RoSIFDSNU9OgPgIkU/4F1oM1CACgpVKS tjGSyY44eyVb9pfOfnMpSuc= =Ncy+ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (6)
-
Carlos E. R. -
Carlos E. R. -
j debert -
ka1ifq -
Patrick Shanahan -
Rajko M.