Hello..I'm getting quite a few of these write errors and broken pipes in my log. Based on the random usernames associated, I'm guessing someone is trying to spam/ddos/hack? my server..but I'm not sure. Normal users are able to connect without issue. I also have PAM enabled.
User "zFXC2n1KEoU3!zFXC2n1KEoU3@<scrubbed>" unregistered (connection 25): Write error. Connection 25 with "127.0.0.1:39102" closed (in: 1.1k, out: 10.2k). Write error on connection 27 (socket 27): Broken pipe! Shutting down connection 27 (Write error) with "127.0.0.1:39104" ... User "fUAQTQEbC4h!fUAQTQEbC4h@<scrubbed>" unregistered (connection 27): Write error. Connection 27 with "127.0.0.1:39104" closed (in: 1.1k, out: 10.1k). Write error on connection 32 (socket 32): Broken pipe! Shutting down connection 32 (Write error) with "127.0.0.1:39109" ... User "p_Yc__a!p_Yc__a@<scrubbed>" unregistered (connection 32): Write error. Connection 32 with "127.0.0.1:39109" closed (in: 0.9k, out: 9.6k). Write error on connection 33 (socket 33): Broken pipe! Shutting down connection 33 (Write error) with "127.0.0.1:39110" ... User "gFY!gFY@<scrubbed>" unregistered (connection 33): Write error. Connection 33 with "127.0.0.1:39110" closed (in: 0.6k, out: 9.2k). Write error on connection 34 (socket 34): Broken pipe! Shutting down connection 34 (Write error) with "127.0.0.1:39111" ... "wkYPV!wkYPV@<scrubbed>" unregistered (connection 34): Write error.
On 01/03/2015 07:51 AM, wally wrote:
Hello..I'm getting quite a few of these write errors and broken pipes in my log.
You have some kind of weird DNAT going where everything is IPV4 NAT to 127.0.0.1? What port are you listening on? Can you provide true IPv4 "Attacker" IPs and I can correlate based on scanning? In your logs it seems everything is sourced from localhost/localnet (127.0.0.0/8)
Cheers, Nathan
-
lists@packetmail.net -
wally