
Very strange traffic on the network



Hello, group members,
For some time now, very strange traffic has been appearing on my local network.
It can mainly be recognized by the fact that for some users communication
suddenly drops to zero, pings work one time in 1000, and of course the
Internet stops working...
The logs are left with a great many entries about changing ARP addresses (a
piece of the syslog is at the end of this message). During one such episode I
also managed to dump the tcpdump output to a file; I can send that as well if needed.


Has anyone come across such an oddity?? As I wrote above, the tcpdump is also
available for anyone interested...
I will add that after a few minutes or hours everything sometimes returns to
normal...
Unfortunately I administer the server remotely and have no idea how to tackle this...



Syslog excerpt (for the record: subnet 10.0.37.0/24, server 10.0.37.1,
niagara.priv):

May 29 21:11:26 niagara arpwatch: changed ethernet address 10.0.37.2
2e:27:71:56:7d:7a (0:30:4f:11:a9:6) eth1
May 29 21:11:30 niagara arpwatch: changed ethernet address 10.0.37.16
2e:50:8:4e:1e:37 (0:30:4f:26:cc:9) eth1
May 29 21:11:30 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:50:8:4e:1e:37) eth1
May 29 21:11:31 niagara arpwatch: changed ethernet address 10.0.37.16
2e:7a:4e:2c:46:47 (0:30:4f:26:cc:9) eth1
May 29 21:11:31 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:7a:4e:2c:46:47) eth1
May 29 21:11:32 niagara arpwatch: changed ethernet address 10.0.37.16
2e:23:13:a:6f:56 (0:30:4f:26:cc:9) eth1
May 29 21:11:32 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:23:13:a:6f:56) eth1
May 29 21:11:33 niagara arpwatch: changed ethernet address 10.0.37.16
2e:4e:59:68:17:66 (0:30:4f:26:cc:9) eth1
May 29 21:11:33 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:4e:59:68:17:66) eth1
May 29 21:11:34 niagara arpwatch: changed ethernet address 10.0.37.16
2e:78:1f:46:3f:75 (0:30:4f:26:cc:9) eth1
May 29 21:11:34 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:78:1f:46:3f:75) eth1
May 29 21:11:35 niagara arpwatch: changed ethernet address 10.0.37.16
2e:21:65:24:67:4 (0:30:4f:26:cc:9) eth1
May 29 21:11:35 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:21:65:24:67:4) eth1
May 29 21:11:36 niagara arpwatch: changed ethernet address 10.0.37.28
2e:4b:2b:2:f:13 (0:2:44:7c:14:f9) eth1
May 29 21:11:36 niagara arpwatch: changed ethernet address 10.0.37.16
2e:4b:2b:2:f:13 (0:30:4f:26:cc:9) eth1
May 29 21:11:36 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:4b:2b:2:f:13) eth1
May 29 21:11:37 niagara arpwatch: changed ethernet address 10.0.37.16
2e:76:71:60:38:23 (0:30:4f:26:cc:9) eth1
May 29 21:11:37 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:76:71:60:38:23) eth1
May 29 21:11:38 niagara arpwatch: changed ethernet address 10.0.37.28
2e:76:71:60:38:23 (2e:4b:2b:2:f:13) eth1
May 29 21:11:38 niagara arpwatch: changed ethernet address 10.0.37.25
2e:76:71:60:38:23 (0:2:44:8b:d8:dd) eth1
May 29 21:11:38 niagara arpwatch: changed ethernet address 10.0.37.16
2e:1f:36:3e:60:32 (0:30:4f:26:cc:9) eth1
May 29 21:11:38 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:1f:36:3e:60:32) eth1
May 29 21:11:39 niagara named[2036]: refused query on non-query socket from
[87.16.180.213].4672
May 29 21:11:39 niagara arpwatch: changed ethernet address 10.0.37.16
2e:49:7c:1c:8:42 (0:30:4f:26:cc:9) eth1
May 29 21:11:39 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:49:7c:1c:8:42) eth1
May 29 21:11:40 niagara arpwatch: changed ethernet address 10.0.37.28
2e:49:7c:1c:8:42 (2e:76:71:60:38:23) eth1
May 29 21:11:40 niagara arpwatch: changed ethernet address 10.0.37.25
2e:49:7c:1c:8:42 (2e:76:71:60:38:23) eth1
May 29 21:11:40 niagara arpwatch: changed ethernet address 10.0.37.20
2e:49:7c:1c:8:42 (0:11:9:5f:f:a4) eth1
May 29 21:11:40 niagara arpwatch: changed ethernet address 10.0.37.16
2e:74:42:7a:31:51 (0:30:4f:26:cc:9) eth1
May 29 21:11:40 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:74:42:7a:31:51) eth1
May 29 21:11:41 niagara arpwatch: changed ethernet address 10.0.37.16
2e:1d:7:58:59:60 (0:30:4f:26:cc:9) eth1
May 29 21:11:41 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:1d:7:58:59:60) eth1
May 29 21:11:41 niagara arpwatch: changed ethernet address 10.0.37.16
2e:1d:7:58:59:60 (0:30:4f:26:cc:9) eth1
May 29 21:11:41 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:1d:7:58:59:60) eth1
May 29 21:11:42 niagara arpwatch: changed ethernet address 10.0.37.16
2e:47:4d:36:1:70 (0:30:4f:26:cc:9) eth1
May 29 21:11:42 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:47:4d:36:1:70) eth1
May 29 21:11:42 niagara named[2036]: refused query on non-query socket from
[121.230.158.173].6657
May 29 21:11:43 niagara arpwatch: changed ethernet address 10.0.37.16
2e:72:13:14:2a:7f (0:30:4f:26:cc:9) eth1
May 29 21:11:43 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:72:13:14:2a:7f) eth1
May 29 21:11:44 niagara arpwatch: changed ethernet address 10.0.37.16
2e:1b:59:72:52:e (0:30:4f:26:cc:9) eth1
May 29 21:11:44 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:1b:59:72:52:e) eth1
May 29 21:11:45 niagara arpwatch: changed ethernet address 10.0.37.16
2e:45:1f:50:7a:1d (0:30:4f:26:cc:9) eth1
May 29 21:11:45 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:45:1f:50:7a:1d) eth1
May 29 21:11:46 niagara arpwatch: changed ethernet address 10.0.37.16
2e:6f:65:2e:22:2d (0:30:4f:26:cc:9) eth1
May 29 21:11:46 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:6f:65:2e:22:2d) eth1
May 29 21:11:47 niagara arpwatch: changed ethernet address 10.0.37.16
2e:19:2a:c:4b:3c (0:30:4f:26:cc:9) eth1
May 29 21:11:47 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:19:2a:c:4b:3c) eth1
May 29 21:11:48 niagara arpwatch: changed ethernet address 10.0.37.16
2e:43:70:6a:73:4c (0:30:4f:26:cc:9) eth1
May 29 21:11:48 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:43:70:6a:73:4c) eth1
May 29 21:12:00 niagara arpwatch: changed ethernet address 10.0.37.2
2e:3b:35:52:57:3 (2e:27:71:56:7d:7a) eth1
May 29 21:12:00 niagara arpwatch: reused old ethernet address 10.0.37.28
0:2:44:7c:14:f9 (2e:49:7c:1c:8:42) eth1
May 29 21:12:02 niagara dhcpd: DHCPREQUEST for 10.0.37.10 from
00:c0:9f:19:24:03 via eth1
May 29 21:12:02 niagara dhcpd: DHCPACK on 10.0.37.10 to 00:c0:9f:19:24:03
via eth1
May 29 21:12:03 niagara arpwatch: changed ethernet address 10.0.37.16
2e:f:41:e:27:22 (0:30:4f:26:cc:9) eth1
May 29 21:12:04 niagara arpwatch: changed ethernet address 10.0.37.7
2f:63:4d:4a:78:41 (0:30:4f:11:a0:40) eth1
May 29 21:12:04 niagara arpwatch: flip flop 10.0.37.7 0:30:4f:11:a0:40
(2f:63:4d:4a:78:41) eth1
May 29 21:12:05 niagara arpwatch: changed ethernet address 10.0.37.7
2f:d:12:28:20:50 (0:30:4f:11:a0:40) eth1
May 29 21:12:05 niagara arpwatch: flip flop 10.0.37.7 0:30:4f:11:a0:40
(2f:d:12:28:20:50) eth1
May 29 21:12:05 niagara arpwatch: changed ethernet address 10.0.37.6
2f:d:12:28:20:50 (0:30:4f:11:a5:1e) eth1
May 29 21:12:05 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:05 niagara arpwatch: flip flop 10.0.37.6 0:30:4f:11:a5:1e
(2f:d:12:28:20:50) eth1
May 29 21:12:06 niagara arpwatch: changed ethernet address 10.0.37.7
2f:37:58:6:48:60 (0:30:4f:11:a0:40) eth1
May 29 21:12:06 niagara arpwatch: flip flop 10.0.37.7 0:30:4f:11:a0:40
(2f:37:58:6:48:60) eth1
May 29 21:12:06 niagara arpwatch: changed ethernet address 10.0.37.6
2f:37:58:6:48:60 (0:30:4f:11:a5:1e) eth1
May 29 21:12:07 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:07 niagara arpwatch: flip flop 10.0.37.6 0:30:4f:11:a5:1e
(2f:37:58:6:48:60) eth1
May 29 21:12:07 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:07 niagara arpwatch: changed ethernet address 10.0.37.15
2f:37:58:6:48:60 (0:50:ba:b1:f0:5f) eth1
May 29 21:12:09 niagara named[2036]: refused query on non-query socket from
[190.51.139.68].4672
May 29 21:12:09 niagara arpwatch: changed ethernet address 10.0.37.7
2f:35:29:20:41:d (0:30:4f:11:a0:40) eth1
May 29 21:12:09 niagara arpwatch: flip flop 10.0.37.7 0:30:4f:11:a0:40
(2f:35:29:20:41:d) eth1
May 29 21:12:09 niagara arpwatch: changed ethernet address 10.0.37.6
2f:35:29:20:41:d (0:30:4f:11:a5:1e) eth1
May 29 21:12:09 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:09 niagara arpwatch: changed ethernet address 10.0.37.13
2f:35:29:20:41:d (0:30:4f:19:86:cf) eth1
May 29 21:12:09 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:09 niagara arpwatch: flip flop 10.0.37.13 0:30:4f:19:86:cf
(2f:35:29:20:41:d) eth1
May 29 21:12:09 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:09 niagara arpwatch: changed ethernet address 10.0.37.15
2f:35:29:20:41:d (2f:37:58:6:48:60) eth1
May 29 21:12:09 niagara arpwatch: reused old ethernet address 10.0.37.15
0:50:ba:b1:f0:5f (2f:35:29:20:41:d) eth1
May 29 21:12:09 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:09 niagara arpwatch: flip flop 10.0.37.6 0:30:4f:11:a5:1e
(2f:35:29:20:41:d) eth1
May 29 21:12:10 niagara arpwatch: reused old ethernet address 10.0.37.25
0:2:44:8b:d8:dd (2e:49:7c:1c:8:42) eth1
May 29 21:12:10 niagara arpwatch: changed ethernet address 10.0.37.25
2f:5f:6f:7e:6a:1d (0:2:44:8b:d8:dd) eth1
May 29 21:12:10 niagara arpwatch: changed ethernet address 10.0.37.7
2f:5f:6f:7e:6a:1d (0:30:4f:11:a0:40) eth1
May 29 21:12:10 niagara arpwatch: flip flop 10.0.37.7 0:30:4f:11:a0:40
(2f:5f:6f:7e:6a:1d) eth1
May 29 21:12:10 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:10 niagara arpwatch: changed ethernet address 10.0.37.6
2f:5f:6f:7e:6a:1d (0:30:4f:11:a5:1e) eth1
May 29 21:12:10 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:10 niagara arpwatch: changed ethernet address 10.0.37.13
2f:5f:6f:7e:6a:1d (0:30:4f:19:86:cf) eth1
May 29 21:12:10 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:10 niagara arpwatch: flip flop 10.0.37.13 0:30:4f:19:86:cf
(2f:5f:6f:7e:6a:1d) eth1
May 29 21:12:10 niagara arpwatch: report: pausing (cdepth 3)
May 29 21:12:10 niagara arpwatch: changed ethernet address 10.0.37.15
2f:5f:6f:7e:6a:1d (0:50:ba:b1:f0:5f) eth1
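
One way to triage an arpwatch excerpt like the one above, as an added example that is not part of the original post: it rejoins the mail-wrapped lines, then lists every MAC whose first octet has the locally administered bit (0x02) or the group bit (0x01) set, together with the IPs it was bound to. The function names and the selection of sample entries are choices made for this example.

```python
import re
from collections import defaultdict

# Five entries taken from the excerpt above, mail line-wrapping kept as posted.
SAMPLE = """\
May 29 21:11:36 niagara arpwatch: changed ethernet address 10.0.37.28
2e:4b:2b:2:f:13 (0:2:44:7c:14:f9) eth1
May 29 21:11:36 niagara arpwatch: changed ethernet address 10.0.37.16
2e:4b:2b:2:f:13 (0:30:4f:26:cc:9) eth1
May 29 21:11:36 niagara arpwatch: flip flop 10.0.37.16 0:30:4f:26:cc:9
(2e:4b:2b:2:f:13) eth1
May 29 21:12:00 niagara arpwatch: reused old ethernet address 10.0.37.28
0:2:44:7c:14:f9 (2e:49:7c:1c:8:42) eth1
May 29 21:12:04 niagara arpwatch: changed ethernet address 10.0.37.7
2f:63:4d:4a:78:41 (0:30:4f:11:a0:40) eth1
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"arpwatch: (?:changed ethernet address|flip flop|"
                   r"reused old ethernet address) (\S+) ([0-9a-f:]+) \(([0-9a-f:]+)\)")

def unwrap(text):
    """Rejoin entries that were wrapped onto a second line."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Return MACs with the local or group bit set and the IPs they were bound to."""
    seen = defaultdict(set)
    for m in filter(None, map(ENTRY.search, unwrap(text))):
        ip, current, previous = m.groups()
        # Both the current MAC and the one in parentheses held this IP.
        seen[current].add(ip)
        seen[previous].add(ip)
    report = {}
    for mac, ips in seen.items():
        first = int(mac.split(":")[0], 16)
        local, group = bool(first & 0x02), bool(first & 0x01)
        if local or group:  # neither bit is set on a vendor-assigned unicast address
            report[mac] = {"ips": sorted(ips), "local": local, "group": group}
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the three flagged addresses begin with 2e or 2f; the 2f address also has the group bit set, which a station's own unicast address does not have.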


