All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Netbios flood from another VPS on the same network
My KVM VPS is getting flooded with these (thousands every second). I modified the source IP but it's originating from within the provider's network.
0:42:18.750528 IP 123.234.0.22.50138 > 255.255.255.255.138: NBT UDP PACKET(138)
0:42:18.753594 IP 123.234.0.22.50138 > 255.255.255.255.138: NBT UDP PACKET(138)
0:42:18.753650 IP 123.234.1.196.45654 > 255.255.255.255.138: NBT UDP PACKET(138)
0:42:18.756515 IP 123.234.0.22.50139 > 255.255.255.255.138: NBT UDP PACKET(138)
0:42:18.756606 IP 123.234.1.196.45654 > 255.255.255.255.138: NBT UDP PACKET(138)
0:42:18.758707 IP 123.234.0.22.50139 > 255.255.255.255.138: NBT UDP PACKET(138)
0:42:18.760652 IP 123.234.1.196.45654 > 255.255.255.255.138: NBT UDP PACKET(138)
0:42:18.769613 IP 123.234.0.22.50140 > 255.255.255.255.138: NBT UDP PACKET(138)
0:42:18.769926 IP 123.234.0.22.50140 > 255.255.255.255.138: NBT UDP PACKET(138)
0:42:18.769959 IP 123.234.1.196.54411 > 255.255.255.255.138: NBT UDP PACKET(138)
Deeper inspection shows some type of SMBtrans request for a resource called Name=\MAILSLOT\BROWSE
Does anyone know what this is?
Comments
Windows.
Google
But why should I be getting broadcasted packets from another VPS, shouldn't this sort of traffic be dropped in the KVM host? It's causing a considerable amount of internal traffic.
this should be in a ticket to your provider
@pechspilz: Open up a ticket with your provider. This is something you take care of with them.
I did this some time ago. They asked me for root access to my VPS...
time to move
:-) That's what I thought, thanks for confirming it.
That would be my thought. If they need root access to see your network traffic, probably not the admin I'd want behind my VPS. Unless they're not seeing it externally I suppose, but I don't see how they couldn't unless you were making it up.
Getting these as well, I guess I know which provider/DC @pechspilz is talking about.
eth0 19:57 ^ r | r r r r r r | r r r r r r r r r r r r | r r r r r r r r r r r r r r r r r r r | r r r r r r r r r r r r r r r r r r r r r r r | r r r r r r r r r r r r r r r r r r r r r r r r | r r r r r r r r r r r r r r r r r r r r r r r r | r r r r r r r r r r r r r r r r r r r r r r r r | r r r r r r r r r r r r r r r r r r r r r r r r | r r r r r r r r r r r r r r r r r r r rt r r r r -+---------------------------------------------------------------------------> | 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) 20 256095 116 04 275248 126 12 233155 987 21 252327 242 05 282007 309 13 215343 1429 22 263629 360 06 289495 120 14 242687 11048 23 279308 114 07 274642 18237 15 237313 38360 00 262164 9027 08 244039 30958 16 239229 29952 01 287907 238 09 247721 15024 17 228358 276 02 285726 116 10 200350 104 18 175383 616 03 309907 251 11 213216 283 19 186414 311Mind saying who it is?
I'd rather not say anything more except it's someone who's active on LET and it was one of these "too good to be true" offers. Oh well, some folks never learn. Where can I get one of these "VPS BAIT" tees.