(URGENT) Broadcast Issue with Server CentOS6.9
Hi, All
Here is a very painful query that we installed CentOS6.9 from scratch on Customer end for Application of VOIP gateway provided by Sangoma with LAN IP of provate pool 192.168.1.151/24. But after installation, it was discovered that whole LAN having Application Server and other PC becomes choked. When we isolated CentOS machine, network is just fine so we fond a culprit but dont know how to fix it. Trying all basic diagnostics, but failed to resolve the issue. Please help out. |
Can you try the more recent version of Centos (version 7.5.1804) ?
Or another distro, that is suited for server purposes ? |
Quote:
|
Can you check the log files (/var/log/... and dmesg) ?
|
When I have seen this issue in the past (LONG past, it was in the 1990s) it was a hardware failure in a NIC that broadcast noise on the wire overloading the network at the lowest level. Try a different NIC, just as a test.
|
Try /var/log, dmesg and change NIC. It will take time as machine is in the remote site and access is only intermittent.
|
Here is output of /var/log/secure
It shows some foreign IP trying to attempt the machine and it seems some ports are opened for easy access? [Please sugest how to secure it] 2]: Invalid user admin from 77.72.82.39 Sep 11 08:37:02 cmsivr sshd[17553]: input_userauth_request: invalid user admin Sep 11 08:37:02 cmsivr sshd[17552]: pam_unix(sshd:auth): check pass; user unknown Sep 11 08:37:02 cmsivr sshd[17552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.72.82.39 Sep 11 08:37:02 cmsivr sshd[17552]: pam_succeed_if(sshd:auth): error retrieving information about user admin Sep 11 08:37:04 cmsivr sshd[17552]: Failed password for invalid user admin from 77.72.82.39 port 44776 ssh2 Sep 11 08:37:07 cmsivr sshd[17553]: Connection closed by 77.72.82.39 Sep 11 12:19:11 cmsivr sshd[19456]: Did not receive identification string from 83.209.188.154 Sep 11 12:21:14 cmsivr sshd[20433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.219.179.5 user=root Sep 11 12:21:16 cmsivr sshd[20433]: Failed password for root from 61.219.179.5 port 48002 ssh2 Sep 11 12:21:19 cmsivr sshd[20483]: Received disconnect from 61.219.179.5: 11: Sep 11 12:23:06 cmsivr sshd[21634]: Invalid user ubnt from 61.219.179.5 Sep 11 12:23:06 cmsivr sshd[21635]: input_userauth_request: invalid user ubnt Sep 11 12:23:06 cmsivr sshd[21634]: pam_unix(sshd:auth): check pass; user unknown Sep 11 12:23:06 cmsivr sshd[21634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.219.179.5 Sep 11 12:23:06 cmsivr sshd[21634]: pam_succeed_if(sshd:auth): error retrieving information about user ubnt Sep 11 12:23:09 cmsivr sshd[21634]: Failed password for invalid user ubnt from 61.219.179.5 port 48053 ssh2 Sep 11 12:23:09 cmsivr sshd[21635]: Received disconnect from 61.219.179.5: 11: Sep 11 13:02:07 cmsivr sshd[12294]: Invalid user admin from 77.72.82.39 Sep 11 13:02:07 cmsivr sshd[12295]: input_userauth_request: invalid user admin Sep 11 13:02:07 cmsivr sshd[12294]: pam_unix(sshd:auth): check pass; user unknown Sep 11 13:02:07 cmsivr sshd[12294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.72.82.39 Sep 11 13:02:07 cmsivr sshd[12294]: pam_succeed_if(sshd:auth): error retrieving information about user admin Sep 11 13:02:09 cmsivr sshd[12294]: Failed password for invalid user admin from 77.72.82.39 port 53684 ssh2 Sep 11 13:02:14 cmsivr sshd[12294]: pam_unix(sshd:auth): check pass; user unknown Sep 11 13:02:14 cmsivr sshd[12294]: pam_succeed_if(sshd:auth): error retrieving information about user admin Sep 11 13:02:16 cmsivr sshd[12294]: Failed password for invalid user admin from 77.72.82.39 port 53684 ssh2 Sep 11 13:02:18 cmsivr sshd[12294]: pam_unix(sshd:auth): check pass; user unknown Sep 11 13:02:18 cmsivr sshd[12294]: pam_succeed_if(sshd:auth): error retrieving information about user admin Sep 11 13:02:20 cmsivr sshd[12294]: Failed password for invalid user admin from 77.72.82.39 port 53684 ssh2 Sep 11 13:02:20 cmsivr sshd[12295]: Connection closed by 77.72.82.39 Sep 11 13:02:20 cmsivr sshd[12294]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.72.82.39 Sep 12 16:28:42 cmsivr sshd[2798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.1 user=root Sep 12 16:28:44 cmsivr sshd[2798]: Failed password for root from 192.168.1.1 port 58737 ssh2 Sep 12 16:28:50 cmsivr sshd[2798]: Failed password for root from 192.168.1.1 port 58737 ssh2 Sep 12 16:29:00 cmsivr sshd[2798]: Accepted password for root from 192.168.1.1 port 58737 ssh2 Sep 12 16:29:00 cmsivr sshd[2798]: pam_unix(sshd:session): session opened for user root by (uid=0) Sep 12 17:19:23 cmsivr login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Sep 12 17:19:23 cmsivr login: ROOT LOGIN ON tty1 Sep 12 17:22:03 cmsivr sshd[2316]: Invalid user 0 from 5.188.10.182 Sep 12 17:22:03 cmsivr sshd[2317]: input_userauth_request: invalid user 0 Sep 12 17:22:03 cmsivr sshd[2316]: Failed none for invalid user 0 from 5.188.10.182 |
1. This machine might expose SSH port to the internet. You should stop ssh access on internet right away.
2. If Server is flooding network then try tcpdump or wireshark to find what kind of traffic it is. Check which service is causing this traffic. You can do this troubleshooting by isolating server. connect laptop on the port and check what is happening in the network. |
Quote:
Quote:
|
please expalin little more with examples:
|
Quote:
If you get someone on site, just have them shut off SSH and see what happens. And as you were told, run network diagnostics and FIND OUT what kind of traffic is causing the problem. You were given the names of the utilities, and suggestions...it's now time for you to actually do something with them. |
thanjs, will send some network guy to perform online duagnistics as guided.
|
All times are GMT -5. The time now is 09:46 PM. |