Contenu | Rechercher | Menus

Annonce

Si vous avez des soucis pour rester connecté, déconnectez-vous puis reconnectez-vous depuis ce lien en cochant la case
Me connecter automatiquement lors de mes prochaines visites.

À propos de l'équipe du forum.

Pages : 1

#1 Le 19/03/2015, à 17:54

Solferino22

logwatch : unexpectedly shrunk window ??

Bonjour,

Je possède un serveur dédié, et y ai installé Ubuntu 14.04 LTS Server.
Après un reboot, j'ai lancé logwatch via le terminal et j'ai été surpris par quelques lignes, dont les voici :

2 Time(s): Peer 213.245.234.251:54192/33867 unexpectedly shrunk window 3459651181:3459723688 (repaired)
1 Time(s): Peer 213.245.234.251:54192/33867 unexpectedly shrunk window 3478663449:3478737463 (repaired)
1 Time(s): Peer 213.245.234.251:54192/33867 unexpectedly shrunk window 3485439826:3485509385 (repaired)
1 Time(s): Peer 213.245.234.251:54192/33867 unexpectedly shrunk window 3490445251:3490528889 (repaired)
1 Time(s): Peer 213.245.234.251:54192/35286 unexpectedly shrunk window 1963755506:1963815913 (repaired)
1 Time(s): Peer 213.245.234.251:54192/35286 unexpectedly shrunk window 1975368972:1975495900 (repaired)
2 Time(s): Peer 213.245.234.251:54192/35286 unexpectedly shrunk window 1989860933:1989904141 (repaired)
1 Time(s): Peer 213.245.234.251:54192/35286 unexpectedly shrunk window 2003732431:2003861588 (repaired)
1 Time(s): Peer 213.245.234.251:54192/35286 unexpectedly shrunk window 2014152531:2014312876 (repaired)
1 Time(s): Peer 213.245.234.251:54192/35286 unexpectedly shrunk window 2020477588:2020579196 (repaired)
1 Time(s): Peer 213.245.234.251:54192/35767 unexpectedly shrunk window 358440710:358547452 (repaired)
1 Time(s): Peer 213.245.234.251:54192/35767 unexpectedly shrunk window 363827530:363878042 (repaired)
1 Time(s): Peer 213.245.234.251:54192/35767 unexpectedly shrunk window 371609190:371673354 (repaired)
1 Time(s): Peer 213.245.234.251:54192/35767 unexpectedly shrunk window 380805440:380898804 (repaired)
1 Time(s): Peer 213.245.234.251:54192/35767 unexpectedly shrunk window 423740902:423826709 (repaired)
1 Time(s): Peer 213.245.234.251:54192/36022 unexpectedly shrunk window 2636890457:2636898431 (repaired)
3 Time(s): Peer 213.245.234.251:54192/40642 unexpectedly shrunk window 296559328:296646632 (repaired)
1 Time(s): Peer 213.245.234.251:54192/40642 unexpectedly shrunk window 326326990:326352678 (repaired)
1 Time(s): Peer 213.245.234.251:54192/42092 unexpectedly shrunk window 751209791:751247749 (repaired)
1 Time(s): Peer 213.245.234.251:54192/42092 unexpectedly shrunk window 756421929:756477156 (repaired)
1 Time(s): Peer 213.245.234.251:54192/43444 unexpectedly shrunk window 1603349772:1603398430 (repaired)
2 Time(s): Peer 213.245.234.251:54192/43444 unexpectedly shrunk window 1619501238:1619532134 (repaired)
2 Time(s): Peer 213.245.234.251:54192/43444 unexpectedly shrunk window 1625440591:1625502770 (repaired)
1 Time(s): Peer 213.245.234.251:54192/43444 unexpectedly shrunk window 1630175672:1630256530 (repaired)
1 Time(s): Peer 213.245.234.251:54192/43444 unexpectedly shrunk window 1634630512:1634701150 (repaired)
2 Time(s): Peer 213.245.234.251:54192/44800 unexpectedly shrunk window 2829390473:2829415895 (repaired)
1 Time(s): Peer 213.245.234.251:54192/45948 unexpectedly shrunk window 3394488875:3394577309 (repaired)
1 Time(s): Peer 213.245.234.251:54192/45948 unexpectedly shrunk window 3396271346:3396370189 (repaired)
1 Time(s): Peer 213.245.234.251:54192/45948 unexpectedly shrunk window 3405463829:3405543867 (repaired)
1 Time(s): Peer 213.245.234.251:54192/45948 unexpectedly shrunk window 3420397054:3420464354 (repaired)
2 Time(s): Peer 213.245.234.251:54192/45948 unexpectedly shrunk window 3428287897:3428413978 (repaired)
1 Time(s): Peer 213.245.234.251:54192/46703 unexpectedly shrunk window 4193739210:4193751336 (repaired)
1 Time(s): Peer 213.245.234.251:54192/47324 unexpectedly shrunk window 2147478523:2147519282 (repaired)
8 Time(s): Peer 213.245.234.251:54192/50100 unexpectedly shrunk window 2958738479:2958785018 (repaired)
1 Time(s): Peer 213.245.234.251:54192/51931 unexpectedly shrunk window 3985243477:3985274077 (repaired)
1 Time(s): Peer 213.245.234.251:54192/51931 unexpectedly shrunk window 3985859334:3985881437 (repaired)
1 Time(s): Peer 213.245.234.251:54192/51931 unexpectedly shrunk window 3991963157:3991986627 (repaired)
1 Time(s): Peer 213.245.234.251:54192/51931 unexpectedly shrunk window 3994205904:3994264227 (repaired)
1 Time(s): Peer 213.245.234.251:54192/51931 unexpectedly shrunk window 3995861820:3995905267 (repaired)
1 Time(s): Peer 213.245.234.251:54192/55314 unexpectedly shrunk window 503955085:504060694 (repaired)
2 Time(s): Peer 213.245.234.251:54192/55314 unexpectedly shrunk window 509874026:509948004 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1460427078:1460467958 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1460547780:1460551178 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1460554661:1460557018 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1461086926:1461095758 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1461458572:1461469518 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1461908252:1461920658 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1462417066:1462427278 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1463166772:1463171878 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1463587986:1463598198 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1464363972:1464380758 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1465463150:1465478678 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1466116698:1466118158 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1466536060:1466547398 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1467713043:1467734430 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1468218728:1468236446 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1469423090:1469436566 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1470178619:1470198686 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1470654593:1470670266 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1472811990:1472873406 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1473714091:1473728966 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1474581331:1474602046 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1477144816:1477171646 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1478926016:1478949926 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1482758755:1482789726 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1485056168:1485081991 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1488697865:1488739423 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1489656539:1489688423 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1492035100:1492050703 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1493794400:1493843583 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1494874800:1494906463 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1497847744:1497887710 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1500208564:1500261670 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1502355767:1502413710 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1506048708:1506118331 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1508773525:1508819331 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1511894254:1511912866 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1514158935:1514208455 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1516384769:1516424735 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1518682484:1518728747 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1519792084:1519826667 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1521576204:1521619547 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1522937381:1522953987 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1524604701:1524627147 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1526037964:1526063787 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1527112524:1527138347 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1528785684:1528817347 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1531541100:1531604883 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1533226397:1533257603 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1534916620:1534954123 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1536747460:1536793723 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1539638717:1539671310 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1542048647:1542086150 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1544554007:1544611950 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1546190667:1546238390 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1548408671:1548452014 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1550537808:1550574854 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1552888408:1552931294 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1554751368:1554776734 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1556435751:1556473254 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1558441791:1558476374 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1560748591:1560809454 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1567573620:1567618046 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1575985424:1576097714 (repaired)
3 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1577644278:1577718314 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1579447101:1579496594 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1587789688:1587850714 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1591629341:1591693434 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1594520993:1594582166 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1605723838:1605835846 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1612299706:1612371671 (repaired)
3 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1622571407:1622631355 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1625064401:1625130875 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1632684537:1632765611 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1644846243:1645053030 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1653774507:1653917291 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1661645294:1661677455 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1664213771:1664276255 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1670703398:1670790702 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1675068930:1675154774 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1681027955:1681126643 (repaired)
1 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1687879662:1687962627 (repaired)
2 Time(s): Peer 81.66.153.190:57663/38322 unexpectedly shrunk window 1689373283:1689410947 (repaired)
1 Time(s): Peer 85.168.38.31:38523/42860 unexpectedly shrunk window 3256257023:3256691807 (repaired)
1 Time(s): Peer 89.2.44.22:57137/40629 unexpectedly shrunk window 3790289892:3790290881 (repaired)
1 Time(s): Peer 89.2.44.22:57137/40629 unexpectedly shrunk window 3790295822:3790296721 (repaired)
6 Time(s): Peer 89.2.44.22:57137/40629 unexpectedly shrunk window 3790406692:3790407681 (repaired)
5 Time(s): Peer 89.2.44.22:57137/40629 unexpectedly shrunk window 3790488452:3790489441 (repaired)
1 Time(s): Peer 89.2.44.22:57137/40629 unexpectedly shrunk window 3790554152:3790556601 (repaired)

Je me suis renseigné sur ces IP et ce sont des IP de chez Numericable, mais ça fait un peu beaucoup je trouve.

Je précise qu'il n'y a aucun logiciel de lancer sur la machine lors de l'exam.

Donc y'a t'il raison de s’inquiéter, ou c'est tout a fait normal ?

merci d'avance pour vos infos

Hors ligne

#2 Le 19/03/2015, à 22:09

quaego

Re : logwatch : unexpectedly shrunk window ??

Bonsoir,

S'il n'y a pas des milliers de messages de ce type, pas lieu de s'inquiéter : le driver de l'équipement réseau indique qu'il a concaténé automatiquement des échanges TCP fragmentés, avec une taille de fenêtre TCP atypique et réduite. Si toutes les IPs sont bien de Numericable, peut-être un modèle de box avec un équipement réseau utilisant des réglages inhabituels.

Si par contre il y a une quantité très importante d'échanges de ce type (plusieurs dizaines de milliers) sur une période courte, cela peut indiquer une fragmentation volontaire, technique qui peut être utilisée pour du déni de service.

Hors ligne

#3 Le 19/03/2015, à 22:23

Solferino22

Re : logwatch : unexpectedly shrunk window ??

Bonsoir quaego

Oui, ce sont tout le temps les memes IP qui apparaissent, et toujours de chez Numericable, mais de regions differentes (Principalement Paris et Lille).

Par contre ce que je trouve bizarre, c'est que mon serveur dedié appartient a la compagnie Online (Loueur de serveur dedié mondialement connu).
Sont ils associés ?

La liste ci dessus est toujours la meme, et meme nombres, donc je pense qu'il n'y a pas de quoi s'en faire, merci pour tes reponses quaego.

Si certains ont d'autres infos je suis preneur

Merci quaego

Hors ligne

#4 Le 20/03/2015, à 14:02

quaego

Re : logwatch : unexpectedly shrunk window ??

Solferino22 a écrit :

Par contre ce que je trouve bizarre, c'est que mon serveur dedié appartient a la compagnie Online (Loueur de serveur dedié mondialement connu).
Sont ils associés ?

Bonjour Solferino22,

Online appartient au groupe Illiad (Free), donc non associé à Numericable.

Solferino22 a écrit :

La liste ci dessus est toujours la meme, et meme nombres, donc je pense qu'il n'y a pas de quoi s'en faire, merci pour tes reponses quaego.

Si c'est toujours la même, dans le même ordre notamment, c'est un peu bizarre. Si ce sont des connexions d'internautes Numericable, elles devraient suivre un schéma plutôt aléatoire.

Hors ligne

#5 Le 20/03/2015, à 20:47

Solferino22

Re : logwatch : unexpectedly shrunk window ??

Bonsoir quaego

Oui j'ai refais plusieurs logs et ce sont toujours les mêmes IP qui apparaissent, dans le même ordre, rien ne change.

Devrais je les droper dans iptables, au cas ou ?

De plus si tu me confirmes qu'Online est associé a Free, je commence a avoir de sérieux doutes sur ces IP.

Merci

Hors ligne

#6 Le 21/03/2015, à 21:43

quaego

Re : logwatch : unexpectedly shrunk window ??

Solferino22 a écrit :

Bonsoir quaego

Oui j'ai refais plusieurs logs et ce sont toujours les mêmes IP qui apparaissent, dans le même ordre, rien ne change.

Devrais je les droper dans iptables, au cas ou ?

Bonsoir,

Si l'activité sur le serveur en provenance de ces IPs n'est pas particulièrement chargée ou considérée comme "nuisible", personnellement je ne bloquerai pas (elles peuvent éventuellement être recyclées et attribuées à d'autres utilisateurs).

Si ce n'est pas indiscret, elles sont associées à quel type de requête (HTTP, ou autre) ?

Et toujours à la même heure ou variable ?

Solferino22 a écrit :

De plus si tu me confirmes qu'Online est associé a Free, je commence a avoir de sérieux doutes sur ces IP.

Merci

Oui, ça c'est absolument sûr : http://www.iliad.fr/societes.html

Hors ligne

Pages : 1