Hi guys, I suddenly noticed that there is an issue with my box. I haven't done much with it - not sure if it was attacked but it doesn't seem like so.
I was trying to investigate why w(1) takes 2 to 3 seconds to show completely. Then I thought maybe it is trying to resolve my IP address. When I check resolv.conf, it is still pointed to 8.8.8.8 and 8.8.4.4.
So I checked /var/log/messages, and also saw this (yes I use no-ip):
And then a simple
I wanted to check the route and I also get this:
And I'm out of the server again.
Hmm.. any idea what else should I be checking for?
Thanks..
I was trying to investigate why w(1) takes 2 to 3 seconds to show completely. Then I thought maybe it is trying to resolve my IP address. When I check resolv.conf, it is still pointed to 8.8.8.8 and 8.8.4.4.
So I checked /var/log/messages, and also saw this (yes I use no-ip):
Code:
Jan 31 09:20:55 nb1 noip2[562]: Can't gethostbyname for dynupdate.no-ip.com
Jan 31 09:20:55 nb1 noip2[562]: Can't get our visible IP address from ip1.dynupdate.no-ip.com
And then a simple
ping
to www.google.com won't work. And then ping to 8.8.8.8 also doesn't work. After a while SSH would disconnect me, even if I VPN into my box, then VPN would also break. Sounds like the kernel is breaking the TCP pipe.I wanted to check the route and I also get this:
Code:
root@nb1:~ [CMD]# netstat -r[/CMD]
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default gw UGS re0
packet_write_wait: Connection to 113.xxx.xxx.xx: Broken pipe
And I'm out of the server again.
Hmm.. any idea what else should I be checking for?
Thanks..