LinuxQuestions.org
01-29-2006, 10:48 AM   #1
chandramani
LQ Newbie
 
Registered: Mar 2005
Location: New Delhi
Posts: 3

Rep: Reputation: 0
Excessive Outbound Traffic


Hi all,
Could anybody help me with this? I have checked the log:

UDP: bad checksum. From 83.213.210.58:63744 to 67.18.242.90:421 ulen 1032
NET: 9 messages suppressed.
UDP: bad checksum. From 83.213.210.58:5635 to 67.18.242.90:543 ulen 1032
NET: 8 messages suppressed.
UDP: bad checksum. From 83.213.210.58:60160 to 67.18.242.90:387 ulen 1032
sending pkt_too_big (len[1500] pmtu[1476]) to self
sending pkt_too_big (len[1500] pmtu[1476]) to self
sending pkt_too_big (len[1500] pmtu[1476]) to self
sending pkt_too_big (len[1500] pmtu[1476]) to self
sending pkt_too_big (len[1500] pmtu[1476]) to self
NET: 1 messages suppressed.
221.113.129.50 sent an invalid ICMP error to a broadcast.
sending pkt_too_big (len[1500] pmtu[1476]) to self
sending pkt_too_big (len[1500] pmtu[1476]) to self
sending pkt_too_big (len[1500] pmtu[1476]) to self
application bug: perl(8735) has SIGCHLD set to SIG_IGN but calls wait().
(see the NOTES section of 'man 2 wait'). Workaround activated.
application bug: perl(8735) has SIGCHLD set to SIG_IGN but calls wait().
(see the NOTES section of 'man 2 wait'). Workaround activated.
application bug: perl(8735) has SIGCHLD set to SIG_IGN but calls wait().

Regards
Chandra
 
01-29-2006, 11:03 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
From your log messages, it looks like the system is sending mangled packets, but whether that's due to a problem with the network interface or something malicious is unclear. There only appear to be a few messages, though, which doesn't explain why you have excessive outbound traffic.

I'd start by firing up Ethereal or tcpdump and getting a sample of some of the traffic to see if you can identify the type of traffic and destination.

Also, as root take a listing of current processes running on the system (use ps aux | tee log) and of current networking sockets (netstat -pantu | tee -a log).
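
A first-pass tally of the kernel log lines quoted in the first post, as an added example that is not part of either poster's message: it groups the "UDP: bad checksum" lines by address pair, sums the "messages suppressed" counters, and pulls out the process name and PID so they can be looked up in the ps aux and netstat -pantu output. The function and variable names are illustrative assumptions; the sample is an excerpt of the log above.

```python
import re
from collections import Counter

# Excerpt of the kernel log lines quoted in the first post of this thread.
SAMPLE_LOG = """\
UDP: bad checksum. From 83.213.210.58:63744 to 67.18.242.90:421 ulen 1032
NET: 9 messages suppressed.
UDP: bad checksum. From 83.213.210.58:5635 to 67.18.242.90:543 ulen 1032
NET: 8 messages suppressed.
UDP: bad checksum. From 83.213.210.58:60160 to 67.18.242.90:387 ulen 1032
sending pkt_too_big (len[1500] pmtu[1476]) to self
NET: 1 messages suppressed.
221.113.129.50 sent an invalid ICMP error to a broadcast.
application bug: perl(8735) has SIGCHLD set to SIG_IGN but calls wait().
application bug: perl(8735) has SIGCHLD set to SIG_IGN but calls wait().
"""

UDP_RE = re.compile(r"UDP: bad checksum\. From ([\d.]+):(\d+) to ([\d.]+):(\d+) ulen (\d+)")
SUPPRESSED_RE = re.compile(r"NET: (\d+) messages suppressed\.")
PROC_RE = re.compile(r"application bug: (\S+)\((\d+)\)")

def summarize(log_text):
    """Tally the log by UDP address pair, suppressed count and named process."""
    pairs, dst_ports, procs = Counter(), set(), Counter()
    suppressed = unmatched = 0
    for line in log_text.splitlines():
        if m := UDP_RE.search(line):
            src, _sport, dst, dport, _ulen = m.groups()
            pairs[(src, dst)] += 1
            dst_ports.add(int(dport))
        elif m := SUPPRESSED_RE.search(line):
            # The kernel rate-limits these messages, so the visible
            # lines are only a lower bound on what was logged.
            suppressed += int(m.group(1))
        elif m := PROC_RE.search(line):
            procs[(m.group(1), int(m.group(2)))] += 1
        elif line.strip():
            unmatched += 1  # line types this sketch does not classify
    return {"pairs": pairs, "dst_ports": sorted(dst_ports),
            "suppressed": suppressed, "procs": procs, "unmatched": unmatched}

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (src, dst), n in s["pairs"].most_common():
        print(f"{src} -> {dst}: {n} logged, dst ports {s['dst_ports']}")
    print(f"suppressed by rate limit: {s['suppressed']}")
    for (name, pid), n in s["procs"].items():
        print(f"check PID {pid} ({name}) in ps/netstat output: {n} warnings")
```
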
 
  

