LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-01-2014, 03:45 PM   #1
postcd
Member
 
Registered: Oct 2013
Posts: 527

Rep: Reputation: Disabled
ffff in netstat output, denial of service?


Hello, im pretty sure someone is dossing my VPS or a website on it.

the netstat sfows ffff port connections, but no IP behind it, it tried to disable ipv6 networking, but it still affect server?

Quote:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -tuna | awk -F':+| +' 'NR>2{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
127
127 ffff
i trimmed output to show only ffff result..
in /etc/sysconfig/network

is:
Quote:
NETWORKING_IPV6="yes"
IPV6_DEFAULTDEV="venet0"
so i add to no, and restarted network service, change was preserver, then after reboot of VPS, it was ipv6 again. its openvz centos 5 vps.

// update, that networking probably wont work to be stopped i commented out ::1 line from /etc/hosts, but ffff connections still there

Last edited by postcd; 10-01-2014 at 04:14 PM.
 
Old 10-03-2014, 02:38 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
can you not just show us the actual netstat output, rather than filtering it though a bunch of Bash?

Either way, it's just the formatting of netstat, printing ipv4 addresses in an ipv6 format. it's nothing interesting I'm sure.
 
Old 10-05-2014, 07:05 AM   #3
postcd
Member
 
Registered: Oct 2013
Posts: 527

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by acid_kewpie View Post
can you not just show us the actual netstat output
it is
Quote:
Proto Recv-Q Send-Q Local Address
tcp 0 0 ::1:49840 ::1:http TIME_WAIT
tcp 0 0 ::1:49827 ::1:http TIME_WAIT
other connections are casual http ones...
but it is a few days now after attack..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
denial of service attack.....pls kmoney82 Linux - Newbie 1 08-30-2012 11:39 AM
Faillog- Denial of Service Attack Possible? dman777 Linux - Security 3 09-04-2011 07:23 AM
y2kupdate denial of service vulnerability Protector Linux - Security 1 11-15-2009 02:44 AM
Troubleshooting Denial of Service vbsaltydog Linux - General 4 07-24-2008 11:51 PM
Denial Of Service Attacks Ozzman Mandriva 13 11-13-2003 12:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration