Hey All,
I have searched high and low to figure this problem out, to no avail. For about a week, one of my PBXs starts transmitting packets to the point of maxing out my bandwidth. This box has been running for almost a year with no problems. If I restart the box, it corrects itself, but the packets it is transmitting start increasing and in about 2-3 hours it gets to the maxed-out state. During this time the system becomes more and more unusable. When we make an outgoing call the voice chops really badly. Now, during this time there are no phone calls going on. Any ideas on where to look would be greatly appreciated!
Please excuse my ignorance, I have not dealt with captures before. Here is a txt dump of some of them; I do not know how to view the full dump since it looks like it was not dumped to a file. http://slipstreamelectronics.com/Pictures/dump.txt
Looks like something is being transmitted to a bunch of different IP addresses on port 123… not sure what this is used for. Was the box possibly hacked?
Port 123, both TCP and UDP, is normally used for the NTP service; it is often used for trojans/botnets.
If you haven’t set up your ntpd server to only service your LAN you should, but I suspect you have been “rooted” and there is something bogus running on your machine.
lsof -i UDP:123
and
lsof -i TCP:123
should identify the process serving that port.
pidof -s (the first column) should agree with the second column.
Check /tmp for bogus stuff and cron jobs that you don’t know about.
But ultimately, if you are running without any prophylactic firewall/IDS in place, you really need to fix that.
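The observation in this thread (one host sending to many different addresses on port 123) is easy to miss when scrolling a raw tcpdump text dump. The script below is an added example, not code from either poster: it parses the one-line-per-packet format that `tcpdump -n` prints, counts packets and distinct destinations per (source, destination port), and flags any source that fans out to more than a handful of hosts on one port. The PBX address, the destination addresses and every packet line in `SAMPLE_DUMP` are constructed for the example and are not the poster's dump.txt.

```python
"""Summarise a tcpdump text dump to find one host fanning out to many
destinations on a single port (e.g. UDP/123).

Added example for the thread above; sample traffic is constructed.
"""
import re
from collections import defaultdict

# Shape of a tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
# Non-IP lines (ARP etc.) do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<time>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

# Constructed sample: 192.168.1.10 plays the PBX, the 203.0.113.0/24 and
# 198.51.100.0/24 hosts are documentation-range stand-ins for Internet hosts.
SAMPLE_DUMP = """\
10:00:01.000101 IP 192.168.1.10.123 > 203.0.113.5.123: NTPv4, Client, length 48
10:00:01.000212 IP 192.168.1.10.123 > 203.0.113.17.123: NTPv4, Client, length 48
10:00:01.000305 IP 192.168.1.10.123 > 198.51.100.9.123: NTPv4, Client, length 48
10:00:01.000420 IP 192.168.1.10.123 > 198.51.100.44.123: NTPv4, Client, length 48
10:00:01.000533 IP 192.168.1.10.123 > 203.0.113.77.123: NTPv4, Client, length 48
10:00:01.000640 IP 192.168.1.10.123 > 198.51.100.120.123: NTPv4, Client, length 48
10:00:01.000751 IP 192.168.1.10.123 > 203.0.113.200.123: NTPv4, Client, length 48
10:00:01.000863 IP 192.168.1.10.123 > 203.0.113.5.123: NTPv4, Client, length 48
10:00:01.010000 IP 192.168.1.20.5060 > 192.168.1.10.5060: SIP: OPTIONS sip:192.168.1.10 SIP/2.0
10:00:01.010500 IP 192.168.1.10.5060 > 192.168.1.20.5060: SIP: SIP/2.0 200 OK
10:00:01.020000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
"""


def parse_line(line):
    """Return a dict for an IP packet line, or None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": m.group("time"),
        "src": m.group("src"),
        "sport": int(m.group("sport")),
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),
        "rest": m.group("rest"),
    }


def summarise(lines):
    """Aggregate packets by (source address, destination port).

    Returns {(src, dport): {"packets": count, "dsts": set of destination IPs}}.
    """
    stats = defaultdict(lambda: {"packets": 0, "dsts": set()})
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        key = (pkt["src"], pkt["dport"])
        stats[key]["packets"] += 1
        stats[key]["dsts"].add(pkt["dst"])
    return stats


def fan_out(stats, min_dsts=5):
    """List (src, dport, distinct_dsts, packets) for sources talking to many hosts on one port.

    A legitimate NTP client talks to a few servers; dozens or hundreds of
    distinct destinations on 123 from a PBX is the pattern worth chasing.
    """
    hits = [
        (src, dport, len(s["dsts"]), s["packets"])
        for (src, dport), s in stats.items()
        if len(s["dsts"]) >= min_dsts
    ]
    hits.sort(key=lambda h: (-h[2], -h[3]))
    return hits


if __name__ == "__main__":
    import sys
    # Read a dump file if given, otherwise run on the constructed sample.
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_DUMP.splitlines()
    for src, dport, n_dsts, n_pkts in fan_out(summarise(lines)):
        print(f"{src} -> port {dport}: {n_dsts} distinct destinations, {n_pkts} packets")
```

To feed it a real capture, write the text form with `tcpdump -n -i eth0 > dump.txt` (the `-n` matters: without it tcpdump prints hostnames instead of addresses and the parser will not match) or keep the full packets with `tcpdump -n -i eth0 -w capture.pcap` and later produce the text with `tcpdump -n -r capture.pcap`. Once the script names the local source port, the `lsof -i UDP:123` / `lsof -i TCP:123` step from the reply above is what ties that port back to the process on the box.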