[GRLUG] Rogue packet triggering reboot!
mikemol at gmail.com
Mon Oct 17 16:55:48 EDT 2016
On Monday, October 17, 2016 02:52:52 PM L. V. Lammert wrote:
> This SEEMS to indicate that a packet received on a public IF that has no
> open ports triggered a reboot:
> Oct 14 17:31:36 <machine> kernel: IPv4: martian source 22.214.171.124 from
> 126.96.36.199, on dev br3 Oct 14 17:31:36 <machine> kernel: ll header:
> 00000000: 00 e0 81 cd 21 b1 00 b0 c2 88 54 1c 08 00 ....!.....T...
> Oct 14 17:31:44 <machine> systemd: Received SIGINT.
> <reboot in process>
> OpenSuSE 42.1, .. host and five VMs.
> This server has been rebooting at random times, .. I finally got into
> BIOS and set BMC to reboot instead of shutdown (so it doesn't just go to
> sleep, but it still is frustrating.
> Any thoughts on troubleshooting?
Update drivers? That sounds like something in software corrupting things.
Have a reasonably smart switch you can do port mirroring off of, driving to a
separate capturing node for the purpose of finding if the logged packet is the
same as what's sent on the port mirror?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 455 bytes
Desc: This is a digitally signed message part.
More information about the grlug