[emanicslab] Suspicious Activity on EmanicsLab nodes host1-plb.loria.fr and host2-plb.loria.fr
Andri Lareida
lareida at ifi.uzh.ch
Thu Dec 19 09:19:09 CET 2013
Dear David,
As far as I understand, the log file shows incomming connections. I'm
testing a BitTorrent Tracker crawler at the moment. For that the node
announces itself to several BitTorrent Tracker to get IPs. This also
means that the IP of the EmanicsLab node will be on the Tracker and
other hosts might try to connect to it. Since no BitTorrent client is
running on the node, no connection can be established. Therefore, I can
not explain that the flows have KB sizes. The node also joins the
BitTorrent DHT what might result in incomming connections.
Some more detailed information on ports and transport protocol would
help finding an answer.
Regards
Andri
Am 18.12.2013 18:59, schrieb David Hausheer:
> Dear EmanicsLab users,
>
> we have some suspicious activity ongoing on EmanicsLab nodes
> host1-plb.loria.fr and host2-plb.loria.fr
>
> Since those of you addressed explicitly in the Email header are
> running experiments including those nodes, I would like to understand
> if the traffic originates from any of your slices.
>
> Thus, please take a look at the attached log file, and let me know if
> the hostnames are familiar to you. It may also be that one of your
> slices has been hacked, in which case we would need to disable it.
>
> Thus, please inform me as soon as possible if
>
> a) you know that your slice IS the source of those connections
> b) you know that your slice is NOT the source of those connections
> c) you don't know (your slice may be hacked)
>
> Thanks you and best regards
> David
>
> On 18.12.2013 16:09, Emmanuel Nataf wrote:
>> Hello,
>>
>> The hosts : host1-plb.loria.fr <http://host1-plb.loria.fr/> and
>> host2-plb.loria.fr <http://host2-plb.loria.fr/> are down for security
>> reason.
>> Since last week a very large amount of connexions, coming from
>> everywhere (and probably not all registered nodes) threaten our
>> firewall.
>> I join the firewal log.
>>
>>
>>
>> Regards
>>
>> E. Nataf
>> INRIA Nodes
>
More information about the emanicslab
mailing list