Strange log entries
Tim Wunder
tim
Mon May 17 11:58:26 PDT 2004
On 1/21/2004 10:12 AM, I believe that Net Llama! wrote:
> On Wed, 21 Jan 2004, Tim Wunder wrote:
>
>>Hi,
>>Starting this morning at about 8:08, I've been getting odd entries in
>>/var/log/messages. Stuff like:
>>Jan 21 08:13:30 localserver kernel: NET: 58 messages suppressed.
>>Jan 21 08:13:30 localserver kernel: neighbour table overflow
>>Jan 21 08:13:36 localserver kernel: NET: 49 messages suppressed.
>>Jan 21 08:13:36 localserver kernel: neighbour table overflow
>>Jan 21 08:13:39 localserver kernel: NET: 39 messages suppressed.
>>Jan 21 08:13:39 localserver kernel: neighbour table overflow
>>Jan 21 08:14:05 localserver kernel: NET: 33 messages suppressed.
>>Jan 21 08:14:05 localserver kernel: neighbour table overflow
>>
>>A couple of google searches seems to indicate some kind of port scan may
>>be happening. Any suggestion on tools to help me find out what's going on?
>
>
> This thread seems to offer explanations and troubleshooting suggestions:
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&c2coff=1&safe=off&threadm=01072820231401.01125%40mercury.snydernet.lan&rnum=8&prev=/groups%3Fas_epq%3Dneighbour%2520table%2520overflow%26safe%3Doff%26ie%3DUTF-8%26oe%3DUTF-8%26lr%3D%26num%3D30%26hl%3Den
>
> In short, run tcpdump -n -i eth0 (assuming your network is on eth0) and
> see if you see an arp request that never gets answered.
>
That found the problem for me. 192.168.1.5 happens to be infected by
msblast.exe. Killed the msblast.exe executable and the log entries stopped.
Looks like I have a Wintendo box to clean :-(
<*sigh*>
What causes users to click on whatever attachments people send them?
</*sigh*>
Thanks,
Tim
More information about the Linux-users
mailing list