[GRLUG] Rogue packet triggering reboot!
Adam Tauno Williams
awilliam at whitemice.org
Mon Oct 17 16:54:56 EDT 2016
On Mon, 2016-10-17 at 14:52 -0500, L. V. Lammert wrote:
> This SEEMS to indicate that a packet received on a public IF that has
> no open ports triggered a reboot:
> Oct 14 17:31:36 <machine> kernel: IPv4: martian source 184.108.40.206
> from 220.127.116.11, on dev br3
> Oct 14 17:31:36 <machine> kernel: ll header: 00000000: 00 e0 81 cd 21
> b1 00 b0 c2 88 54 1c 08 00 ....!.....T...
> Oct 14 17:31:44 <machine> systemd: Received SIGINT.
> <reboot in process>
A full EIGHT SECONDS later? I would not automatically correlate these
If the interface has no open ports why not discard all inbound traffic?
Do either of those two IP addresses mean anything to you?
> OpenSuSE 42.1, .. host and five VMs.
> This server has been rebooting at random times, .. I finally got into
> BIOS and set BMC to reboot instead of shutdown (so it doesn't just go
> to sleep, but it still is frustrating.
> Any thoughts on troubleshooting?
Increase logging to an external syslog receiver.
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
More information about the grlug