Emailbom op onze server?

Thomas VDB · 29 jan 2005, 11:46

Gisteren is onze server (10.0.0.2) ong. een uur continu tussen 80 en 100% cpu aan 't draaien geweest. Netwerkperformance ging helemaal plat.Heb 'm herstart en was terug in orde.
Kon niet vinden wat 't probleem was.
Hebben ADSL modem => firewall => switch => 10 PC's + server

log van onze firewall :
01/28/2005 16:23:05.160 The cache is full; too many open connections; some will be dropped
source :10.0.0.2, 29574, LAN
destination :212.239.168.19, 135, WAN
01/28/2005 16:25:19.176 The cache is full; too many open connections; some will be dropped
source : 10.0.0.2, 8, LAN
destination : 195.130.132.18, 8, WAN
01/28/2005 16:27:28.128 The cache is full; too many open connections; some will be dropped 10.0.0.2, 32050, LAN 212.239.177.137, 135, WAN
01/28/2005 16:28:54.912 The cache is full; too many open connections; some will be dropped 10.0.0.2, 32901, LAN 212.239.180.197, 135, WAN
01/28/2005 16:31:03.528 The cache is full; too many open connections; some will be dropped 10.0.0.2, 34186, LAN 212.239.185.142, 135, WAN

en zo maar verder...

What the hell was dit?

Akira · 29 jan 2005, 15:27

iemand die p2p aan het gebruiken was?

Joe Sixpack · 31 jan 2005, 22:39

Thomas VDB schreef:Gisteren is onze server (10.0.0.2) ong. een uur continu tussen 80 en 100% cpu aan 't draaien geweest. Netwerkperformance ging helemaal plat.Heb 'm herstart en was terug in orde.
Kon niet vinden wat 't probleem was.
Hebben ADSL modem => firewall => switch => 10 PC's + server

log van onze firewall :
01/28/2005 16:23:05.160 The cache is full; too many open connections; some will be dropped
source :10.0.0.2, 29574, LAN
destination :212.239.168.19, 135, WAN
01/28/2005 16:25:19.176 The cache is full; too many open connections; some will be dropped
source : 10.0.0.2, 8, LAN
destination : 195.130.132.18, 8, WAN
01/28/2005 16:27:28.128 The cache is full; too many open connections; some will be dropped 10.0.0.2, 32050, LAN 212.239.177.137, 135, WAN
01/28/2005 16:28:54.912 The cache is full; too many open connections; some will be dropped 10.0.0.2, 32901, LAN 212.239.180.197, 135, WAN
01/28/2005 16:31:03.528 The cache is full; too many open connections; some will be dropped 10.0.0.2, 34186, LAN 212.239.185.142, 135, WAN

en zo maar verder...

What the hell was dit?

mmmz poort 135 open.
TCP port 135 poort open = Microsoft Remote Procedure Call (RPC) ~ MSblaster worm: checkt u clients eens