Hi!
Last night we had some mysterious behaviour on our router. On a BGP
connection with Cogent we received an unexpected EOF. There were also
a great number of SSH logins (we do not have FW rules in place, but we
have a rate limit). Shortly after, the router complained about low
memory and a few BGP sessions dropped (obviously the ones which are
memory exhausting).
I wonder now which event triggered this behaviour: the
number of SSH logins at that time, or this unexpected EOF?
The log of that time:
May 17 04:29:24 emsdetten1 inetd[4291]: ssh from 82.165.235.170
exceeded counts/min (limit 10/min)
May 17 04:29:25 emsdetten1 last message repeated 7 times
May 17 04:29:36 emsdetten1 rpd[4303]: bgp_listen_accept: Connection
attempt from unconfigured neighbor: 91.190.xxx.xxx+40432
May 17 04:29:52 emsdetten1 rpd[4303]: bgp_recv: peer 149.6.xxx.xxx
(External AS 174): received unexpected EOF
May 17 04:30:06 emsdetten1 rpd[4303]: bgp_listen_accept: Connection
attempt from unconfigured neighbor: 91.190.xxx.xxx+43119
May 17 04:31:00 emsdetten1 /kernel: KERNEL_MEMORY_CRITICAL: System
low on free memory, notifying init (#2).
May 17 04:31:00 emsdetten1 cron[49326]: (root) CMD (adjkerntz -a)
May 17 04:31:01 emsdetten1 rpd[4303]: Received low-memory signal: BGP
Write active, 422 free pages
May 17 04:31:01 emsdetten1 rpd[4303]: Processing low memory signal
May 17 04:31:14 emsdetten1 rpd[4303]: bgp_listen_accept: Connection
attempt from unconfigured neighbor: 193.108.xxx.xxx+52139
May 17 04:31:34 emsdetten1 /kernel: KERN_ARP_ADDR_CHANGE: arp info
overwritten for 91.190.xxx.xxx from 00:00:1a:19:c1:0f to
00:00:1a:19:c1:10
May 17 04:31:34 emsdetten1 sshd[49329]: Failed password for root from
82.165.235.170 port 56403 ssh2
May 17 04:31:34 emsdetten1 inetd[4291]: /usr/sbin/sshd[49329]:
exited, status 255
May 17 04:31:35 emsdetten1 sshd[49331]: Failed password for root from
82.165.235.170 port 47707 ssh2
May 17 04:31:35 emsdetten1 inetd[4291]: /usr/sbin/sshd[49331]:
exited, status 255
May 17 04:31:36 emsdetten1 sshd[49337]: Failed password for root from
82.165.235.170 port 57612 ssh2
May 17 04:31:36 emsdetten1 inetd[4291]: /usr/sbin/sshd[49337]:
exited, status 255
May 17 04:31:36 emsdetten1 sshd[49339]: Failed password for root from
82.165.235.170 port 49046 ssh2
May 17 04:31:36 emsdetten1 rpd[4303]: bgp_listen_accept: Connection
attempt from unconfigured neighbor: 91.190.xxx.xxx+47675
May 17 04:31:36 emsdetten1 inetd[4291]: /usr/sbin/sshd[49339]:
exited, status 255
May 17 04:31:38 emsdetten1 sshd[49335]: Failed password for root from
82.165.235.170 port 38441 ssh2
May 17 04:31:38 emsdetten1 inetd[4291]: /usr/sbin/sshd[49335]:
exited, status 255
May 17 04:31:39 emsdetten1 sshd[49330]: Failed password for root from
82.165.235.170 port 37700 ssh2
May 17 04:31:39 emsdetten1 inetd[4291]: /usr/sbin/sshd[49330]:
exited, status 255
May 17 04:31:39 emsdetten1 sshd[49345]: Failed password for root from
82.165.235.170 port 40019 ssh2
May 17 04:31:39 emsdetten1 inetd[4291]: ssh from 82.165.235.170
exceeded counts/min (limit 10/min)
May 17 04:31:40 emsdetten1 sshd[49343]: Failed password for root from
82.165.235.170 port 49411 ssh2
May 17 04:31:40 emsdetten1 inetd[4291]: /usr/sbin/sshd[49345]:
exited, status 255
May 17 04:31:40 emsdetten1 inetd[4291]: ssh from 82.165.235.170
exceeded counts/min (limit 10/min)
May 17 04:31:41 emsdetten1 sshd[49341]: Failed password for root from
82.165.235.170 port 57987 ssh2
May 17 04:31:41 emsdetten1 inetd[4291]: /usr/sbin/sshd[49341]:
exited, status 255
May 17 04:31:41 emsdetten1 inetd[4291]: ssh from 82.165.235.170
exceeded counts/min (limit 10/min)
May 17 04:31:41 emsdetten1 sshd[49347]: Failed password for root from
82.165.235.170 port 60041 ssh2
May 17 04:31:41 emsdetten1 inetd[4291]: /usr/sbin/sshd[49343]:
exited, status 255
May 17 04:31:41 emsdetten1 inetd[4291]: /usr/sbin/sshd[49347]:
exited, status 255
May 17 04:31:41 emsdetten1 inetd[4291]: ssh from 82.165.235.170
exceeded counts/min (limit 10/min)
May 17 04:31:41 emsdetten1 last message repeated 6 times
May 17 04:31:43 emsdetten1 rpd[4303]: bgp_listen_accept: Connection
attempt from unconfigured neighbor: 193.108.xxx.xxx+49573
May 17 04:31:47 emsdetten1 inetd[4291]: ssh from 82.165.235.170
exceeded counts/min (limit 10/min)
May 17 04:31:51 emsdetten1 sshd[49349]: Failed password for root from
218.26.118.106 port 49903 ssh2
May 17 04:31:52 emsdetten1 inetd[4291]: /usr/sbin/sshd[49349]:
exited, status 255
May 17 04:31:52 emsdetten1 sshd[49351]: Failed password for root from
218.26.118.106 port 49931 ssh2
May 17 04:31:52 emsdetten1 inetd[4291]: /usr/sbin/sshd[49351]:
exited, status 255
May 17 04:31:53 emsdetten1 inetd[4291]: ssh from 82.165.235.170
exceeded counts/min (limit 10/min)
May 17 04:31:53 emsdetten1 last message repeated 2 times
May 17 04:31:53 emsdetten1 rpd[4303]: Received
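
One way to put the events in the log above on a timeline, as an added example that is not part of the original post: it rejoins the e-mail-wrapped lines, classifies each record, and reports when each kind of event first appeared and how often. The category names and the choice of excerpt in `SAMPLE` are this example's own.

```python
import re
# Excerpt of the log above, e-mail line wraps included.
SAMPLE = """\
May 17 04:29:24 emsdetten1 inetd[4291]: ssh from 82.165.235.170
exceeded counts/min (limit 10/min)
May 17 04:29:25 emsdetten1 last message repeated 7 times
May 17 04:29:52 emsdetten1 rpd[4303]: bgp_recv: peer 149.6.xxx.xxx
(External AS 174): received unexpected EOF
May 17 04:31:00 emsdetten1 /kernel: KERNEL_MEMORY_CRITICAL: System
low on free memory, notifying init (#2).
May 17 04:31:34 emsdetten1 sshd[49329]: Failed password for root from
82.165.235.170 port 56403 ssh2
"""
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
REPEAT = re.compile(r"last message repeated (\d+) times")
RULES = [  # (category, pattern); first capture group is the remote address
    ("ssh_rate_limit", re.compile(r"inetd\[\d+\]: ssh from (\S+) exceeded counts/min")),
    ("ssh_failed_login", re.compile(r"sshd\[\d+\]: Failed password for \S+ from (\S+)")),
    ("bgp_unexpected_eof", re.compile(r"bgp_recv: peer (\S+) .*received unexpected EOF")),
    ("bgp_unconfigured_peer", re.compile(r"unconfigured neighbor: ([^+\s]+)")),
    ("low_memory", re.compile(r"KERNEL_MEMORY_CRITICAL|Received low-memory signal")),
]

def unwrap(text):
    """Rejoin wrapped lines: a record starts at a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(line.strip())
        elif records:  # continuation of the previous record
            records[-1] += " " + line.strip()
    return records

def timeline(text):
    """Map category -> first time seen, count, sources, in order of first appearance."""
    out, last = {}, None
    for rec in unwrap(text):
        rep = REPEAT.search(rec)
        if rep and last:  # syslog collapsed N copies of the previous message
            out[last]["count"] += int(rep.group(1))
            continue
        last = None
        for name, pat in RULES:
            m = pat.search(rec)
            if m:
                e = out.setdefault(name, {"first": rec.split()[2], "count": 0, "sources": set()})
                e["count"] += 1
                e["sources"].update(m.groups())
                last = name
                break
    return out
```

Run over the full log, the order of the keys in the returned dictionary shows which kind of event was logged first; it shows ordering only, not cause.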