[lug] Dropped packet question

Chip Atkinson chip at pupman.com
Thu Sep 26 08:48:21 MDT 2013


Greetings all,

Due to the recent flooding I had to change data centers from my parents'
basement to mine, which resulted in re-doing my network.  

Now that I've moved and re-IPed the server, I'm seeing large numbers of
dropped packets, slow ping times, basic network malaise.  I've been
running a series of 100 pings 5 sec apart and then looking at the reported
loss figures.

With Comcast's help, I believe that we've eliminated them and their
hardware.

I put a small Linux netbook on the network in place of the server and was
able to ping it from outside (VPN to work and out from there) and the
ping response time and dropped packets were basically gone.  Besides being
newer hardware and OS, the netbook had no services (web, DNS, email).

I then connected the server and see the dropped packet and slow ping time
issue again.

I was using tcpdump and noticed that a large portion of the traffic is DNS
lookups:

08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+], length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1 bitstress.com. SOA[|domain]
08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+], length: 1500) 173.14.7.2 > 108.174.149.7: udp
08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none], length: 1150) 173.14.7.2 > 108.174.149.7: udp

Googling found this:
http://dnsamplificationattacks.blogspot.com/2013/09/domain-bitstresscom.html

My question is whether or not the DNS traffic could be responsible for all
the dropped network packets or should I start looking elsewhere for the
problem?

I switched network interfaces and took the original server network
interface off the network, thinking that it could be broadcasting a bunch
of noise but still am seeing packet losses, though perhaps not as severe.


Thanks in advance for any insight and help.

Chip 
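
The capture in the post shows the server's port 53 sending a single 250-answer response for bitstress.com to one address in three IP fragments. As an added example (not part of the original post), this Python script totals such responses per destination from `tcpdump -v` text, which gives a figure for how much outbound bandwidth they use; the function name, regexes and output fields are assumptions of this example.

```python
import re
from collections import defaultdict

# The three tcpdump -v lines from the post, one packet per line.
SAMPLE = """\
08:42:23.411809 IP (tos 0x0, ttl  64, id 42252, offset 0, flags [+], length: 1500) 173.14.7.2.53 > 108.174.149.7.2305:  13490| 250/0/1 bitstress.com. SOA[|domain]
08:42:23.411817 IP (tos 0x0, ttl  64, id 42252, offset 1480, flags [+], length: 1500) 173.14.7.2 > 108.174.149.7: udp
08:42:23.411822 IP (tos 0x0, ttl  64, id 42252, offset 2960, flags [none], length: 1150) 173.14.7.2 > 108.174.149.7: udp
"""

# IP id, fragment offset, IP length, source (port optional), destination, payload text
HDR = re.compile(r"id (\d+), offset (\d+), flags \[[^\]]*\], length:? (\d+)\) "
                 r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (.*)")
DNS = re.compile(r"(\d+)/\d+/\d+ (\S+)")  # answer count and first record name

def summarize(text):
    """Reassemble fragmented DNS responses and total them per destination address."""
    datagrams = {}
    for line in text.splitlines():
        m = HDR.search(line)
        if not m:
            continue
        ip_id, offset, length, src, sport, dst, rest = m.groups()
        d = datagrams.setdefault((src, dst, ip_id), {"bytes": 0, "frags": 0, "dns": None})
        d["bytes"] += int(length)      # IP total length of this fragment
        d["frags"] += 1
        dns = DNS.search(rest)
        if offset == "0" and sport == "53" and dns:   # only the first fragment has ports
            d["dns"] = (int(dns.group(1)), dns.group(2))
    targets = defaultdict(lambda: {"responses": 0, "bytes": 0, "fragmented": 0,
                                   "max_answers": 0, "names": set()})
    for (_, dst, _), d in datagrams.items():
        if d["dns"] is None:
            continue                   # not a response sent from port 53
        t = targets[dst]
        t["responses"] += 1
        t["bytes"] += d["bytes"]
        t["fragmented"] += d["frags"] > 1
        t["max_answers"] = max(t["max_answers"], d["dns"][0])
        t["names"].add(d["dns"][1])
    return dict(targets)

if __name__ == "__main__":
    for dst, t in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["bytes"]):
        print(dst, t["responses"], "responses,", t["bytes"], "bytes,",
              t["fragmented"], "fragmented,", t["max_answers"], "answers max,",
              sorted(t["names"]))
```

Fragments are grouped by source, destination and IP id, so over a long capture the 16-bit id can repeat and merge unrelated datagrams; summarizing in short time windows avoids that.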
