Bug 732957 - Default install of Asterisk spews packets to invalid IP address
Summary: Default install of Asterisk spews packets to invalid IP address
Keywords:
Status: CLOSED DUPLICATE of bug 658431
Alias: None
Product: Fedora
Classification: Fedora
Component: asterisk
Version: 15
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: Jeffrey C. Ollie
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-24 09:57 UTC by David Woodhouse
Modified: 2011-09-20 13:19 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-20 13:19:41 UTC


Attachments (Terms of Use)

Description David Woodhouse 2011-08-24 09:57:40 UTC
After installing Asterisk, I noticed a large amount of unexpected Internet traffic. It seems that the Asterisk box was spewing packets to 192.168.0.24.
(Since I don't use NAT, these were going straight out to the ISP who was rejecting them as unroutable):

10:53:51.533338 IP 90.155.92.244.58133 > 192.168.0.24.pktcable-cops: Flags [S], seq 3310868053, win 14600, options [mss 1460,sackOK,TS val 144030427 ecr 0,nop,wscale 4], length 0
10:53:51.557719 IP 90.155.53.6 > 90.155.92.244: ICMP net 192.168.0.24 unreachable, length 36
10:53:51.559294 IP 90.155.92.244.58134 > 192.168.0.24.pktcable-cops: Flags [S], seq 133054872, win 14600, options [mss 1460,sackOK,TS val 144030453 ecr 0,nop,wscale 4], length 0
10:53:51.583881 IP 90.155.53.6 > 90.155.92.244: ICMP net 192.168.0.24 unreachable, length 36
10:53:51.585418 IP 90.155.92.244.58135 > 192.168.0.24.pktcable-cops: Flags [S], seq 2670163269, win 14600, options [mss 1460,sackOK,TS val 144030479 ecr 0,nop,wscale 4], length 0
10:53:51.608970 IP 90.155.53.6 > 90.155.92.244: ICMP net 192.168.0.24 unreachable, length 36
10:53:51.610451 IP 90.155.92.244.58136 > 192.168.0.24.pktcable-cops: Flags [S], seq 3941291750, win 14600, options [mss 1460,sackOK,TS val 144030504 ecr 0,nop,wscale 4], length 0
10:53:51.633890 IP 90.155.53.6 > 90.155.92.244: ICMP net 192.168.0.24 unreachable, length 36
10:53:51.635443 IP 90.155.92.244.58137 > 192.168.0.24.pktcable-cops: Flags [S], seq 2254839251, win 14600, options [mss 1460,sackOK,TS val 144030529 ecr 0,nop,wscale 4], length 0
10:53:51.659223 IP 90.155.53.6 > 90.155.92.244: ICMP net 192.168.0.24 unreachable, length 36
10:53:51.660665 IP 90.155.92.244.58138 > 192.168.0.24.pktcable-cops: Flags [S], seq 1080245882, win 14600, options [mss 1460,sackOK,TS val 144030554 ecr 0,nop,wscale 4], length 0

It goes on.... it seems to be attempting a SYN-flood attack. What the hell is it doing?

I found 192.168.0.24 listed in res_pktccops.conf, and unloading the res_pktccops.so seems to have fixed the problem.

This is *not* something that a default install should be doing out of the box.

Comment 1 Jeffrey C. Ollie 2011-09-20 13:19:41 UTC

*** This bug has been marked as a duplicate of bug 658431 ***


Note You need to log in before you can comment on or make changes to this bug.