View Single Post
Old 29th May 2013, 14:50
monkfish monkfish is offline
HowtoForge Supporter
Join Date: Mar 2013
Posts: 106
Thanks: 9
Thanked 15 Times in 14 Posts

Thanks for that. Nothing jumping out in your txt files as I'm sure you're aware.

I think then the traffic is being spoofed somewhere else on the OVH network and you're caught in the middle.

What does OVH say about that? Are they seeing any spurious traffic on their network? Why would their network configuration allow traffic seemingly from your broadcast address?

Here's how a part of it looks from my side, a tcpdump:

11:40:27.902411 IP 178.32.170.x.http > 46.4.46.x.15530: Flags [S.], seq 145700464, ack 1510529928, win 5840, options [mss 1460], length 0
11:40:28.015501 IP 178.32.81.x.http > 46.4.46.x.9361: Flags [S.], seq 2624546511, ack 1633638097, win 5840, options [mss 1460], length 0
11:40:28.330865 IP 178.32.81.x.http > 46.4.46.x.46018: Flags [S.], seq 1488576285, ack 1342855121, win 5840, options [mss 1460], length 0
11:40:28.689594 IP 178.32.81.x.http > 46.4.46.x.33576: Flags [S.], seq 3790022167, ack 3603716049, win 5840, options [mss 1460], length 0
11:40:28.746009 IP 178.32.96.x.http > 46.4.46.x.20201: Flags [S.], seq 3740042693, ack 2416947335, win 14600, options [mss 1460], length 0
11:40:28.756843 IP 178.32.81.x.http > 46.4.46.x.30776: Flags [S.], seq 3602612149, ack 2180077521, win 5840, options [mss 1460], length 0
I'd definitely be asking OVH for their assistance on this - they have some track record of cutting people's service off over matters like this - booting servers into some kind of resuce/ftp mode only and leaving them there.

You can prove to them that its not your machine so they should work with you accordingly to discover the source of this problem. I wouldn't be surprised if its connected with that bitcoin hack a few weeks ago and some kind of retaliation to try and sully their reputation.
Reply With Quote