Bug 732957

Summary: Default install of Asterisk spews packets to invalid IP address
Product: [Fedora] Fedora
Reporter: David Woodhouse <dwmw2>
Component: asterisk
Assignee: Jeffrey C. Ollie <jeff>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: 15
CC: itamar, jeff
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-09-20 13:19:41 UTC

Description David Woodhouse 2011-08-24 09:57:40 UTC
After installing Asterisk, I noticed a large amount of unexpected Internet traffic. It seems that the Asterisk box was spewing packets to 192.168.0.24.
(Since I don't use NAT, these were going straight out to the ISP who was rejecting them as unroutable):

10:53:51.533338 IP 90.155.92.244.58133 > 192.168.0.24.pktcable-cops: Flags [S], seq 3310868053, win 14600, options [mss 1460,sackOK,TS val 144030427 ecr 0,nop,wscale 4], length 0
10:53:51.557719 IP 90.155.53.6 > 90.155.92.244: ICMP net 192.168.0.24 unreachable, length 36
10:53:51.559294 IP 90.155.92.244.58134 > 192.168.0.24.pktcable-cops: Flags [S], seq 133054872, win 14600, options [mss 1460,sackOK,TS val 144030453 ecr 0,nop,wscale 4], length 0
10:53:51.583881 IP 90.155.53.6 > 90.155.92.244: ICMP net 192.168.0.24 unreachable, length 36
10:53:51.585418 IP 90.155.92.244.58135 > 192.168.0.24.pktcable-cops: Flags [S], seq 2670163269, win 14600, options [mss 1460,sackOK,TS val 144030479 ecr 0,nop,wscale 4], length 0
10:53:51.608970 IP 90.155.53.6 > 90.155.92.244: ICMP net 192.168.0.24 unreachable, length 36
10:53:51.610451 IP 90.155.92.244.58136 > 192.168.0.24.pktcable-cops: Flags [S], seq 3941291750, win 14600, options [mss 1460,sackOK,TS val 144030504 ecr 0,nop,wscale 4], length 0
10:53:51.633890 IP 90.155.53.6 > 90.155.92.244: ICMP net 192.168.0.24 unreachable, length 36
10:53:51.635443 IP 90.155.92.244.58137 > 192.168.0.24.pktcable-cops: Flags [S], seq 2254839251, win 14600, options [mss 1460,sackOK,TS val 144030529 ecr 0,nop,wscale 4], length 0
10:53:51.659223 IP 90.155.53.6 > 90.155.92.244: ICMP net 192.168.0.24 unreachable, length 36
10:53:51.660665 IP 90.155.92.244.58138 > 192.168.0.24.pktcable-cops: Flags [S], seq 1080245882, win 14600, options [mss 1460,sackOK,TS val 144030554 ecr 0,nop,wscale 4], length 0

It goes on.... it seems to be attempting a SYN-flood attack. What the hell is it doing?

I found 192.168.0.24 listed in res_pktccops.conf, and unloading the res_pktccops.so seems to have fixed the problem.

This is *not* something that a default install should be doing out of the box.

Comment 1 Jeffrey C. Ollie 2011-09-20 13:19:41 UTC

*** This bug has been marked as a duplicate of bug 658431 ***
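
Added example, not part of the original report or of Asterisk: a Python check over tcpdump text output that counts bare SYNs sent from a non-RFC 1918 source to an RFC 1918 destination, the pattern visible in the capture in the description. The sample capture, the function names and the threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed tcpdump-style sample (documentation-range source address),
# not the capture from the report.
SAMPLE = """\
10:00:00.000001 IP 203.0.113.10.40000 > 192.168.0.24.pktcable-cops: Flags [S], seq 1, win 14600, length 0
10:00:00.020000 IP 203.0.113.1 > 203.0.113.10: ICMP net 192.168.0.24 unreachable, length 36
10:00:00.030000 IP 203.0.113.10.40001 > 192.168.0.24.pktcable-cops: Flags [S], seq 2, win 14600, length 0
10:00:00.050000 IP 203.0.113.10.40002 > 192.168.0.24.pktcable-cops: Flags [S], seq 3, win 14600, length 0
10:00:00.060000 IP 203.0.113.10.40003 > 198.51.100.7.443: Flags [S], seq 4, win 14600, length 0
10:00:00.070000 IP 10.0.0.5.40004 > 10.0.0.9.22: Flags [S], seq 5, win 14600, length 0
10:00:00.080000 IP 203.0.113.10.40005 > 192.168.0.24.pktcable-cops: Flags [.], ack 1, win 14600, length 0
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# host.port > host.port with a bare SYN; the port may be a service name.
SYN_RE = re.compile(
    r"^\S+ IP (?P<src>\S+)\.[^.\s]+ > (?P<dst>\S+)\.(?P<dport>[^.\s:]+): "
    r"Flags \[S\],")


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def leaked_private_syns(capture, threshold=3):
    """Count bare SYNs from a non-RFC 1918 source to an RFC 1918 destination.

    Returns {(src, dst, dport): count} for flows seen at least `threshold` times.
    """
    hits = Counter()
    for line in capture.splitlines():
        m = SYN_RE.match(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
            dst = ipaddress.ip_address(m.group("dst"))
        except ValueError:
            continue  # tcpdump printed a hostname (capture taken without -n)
        if is_rfc1918(dst) and not is_rfc1918(src):
            hits[(str(src), str(dst), m.group("dport"))] += 1
    return {flow: n for flow, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for (src, dst, dport), n in leaked_private_syns(SAMPLE).items():
        print(f"{src} -> {dst}:{dport}  {n} SYNs to a private address")
```

Private-to-private traffic and SYNs to public destinations are ignored, so the check only reports hosts with a public address that keep retrying a private destination.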