[Cialug] Rootkit?
kristau
kristau at gmail.com
Thu Jan 31 20:44:07 CST 2008
Whois lookup on that IP (224.0.0.251) provides a pointer to RFC 3171.
The following is from that RFC:

2. Definition of Current Assignment Practice

   Unlike IPv4 unicast address assignment, where blocks of addresses are
   delegated to regional registries, IPv4 multicast addresses are
   assigned directly by the IANA. Current assignments appear as follows
   [IANA]:

   224.0.0.0   - 224.0.0.255     (224.0.0/24)  Local Network Control Block
   224.0.1.0   - 224.0.1.255     (224.0.1/24)  Internetwork Control Block
   224.0.2.0   - 224.0.255.0                   AD-HOC Block
   224.1.0.0   - 224.1.255.255   (224.1/16)    ST Multicast Groups
   224.2.0.0   - 224.2.255.255   (224.2/16)    SDP/SAP Block
   224.252.0.0 - 224.255.255.255               DIS Transient Block
   225.0.0.0   - 231.255.255.255               RESERVED
   232.0.0.0   - 232.255.255.255 (232/8)       Source Specific Multicast Block
   233.0.0.0   - 233.255.255.255 (233/8)       GLOP Block
   234.0.0.0   - 238.255.255.255               RESERVED
   239.0.0.0   - 239.255.255.255 (239/8)       Administratively Scoped Block

I'm not a TCP/IP genius, but I read "Local Network Control Block" as
something that probably isn't getting routed over the wild Internets.
Likely you've got a local runaway process that is generating a lot of
local packet traffic? That would explain the kernel space load, I
think, but doesn't really help you identify the culprit.
--
Tired programmer
Coding late into the night
The core dump follows
My GNUPG public key is available at http://www.kristau.net/public_key.asc
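
The block lookup described in the post above, as an added example that is not part of the original message: it classifies a destination address against the RFC 3171 ranges quoted there (including the gaps the list leaves unassigned) and tallies which local senders generate traffic to a given block. The function names and the flow records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Ranges exactly as listed in the RFC 3171 excerpt quoted in the post.
RFC3171_BLOCKS = [
    ("224.0.0.0", "224.0.0.255", "Local Network Control Block"),
    ("224.0.1.0", "224.0.1.255", "Internetwork Control Block"),
    ("224.0.2.0", "224.0.255.0", "AD-HOC Block"),  # not CIDR-aligned
    ("224.1.0.0", "224.1.255.255", "ST Multicast Groups"),
    ("224.2.0.0", "224.2.255.255", "SDP/SAP Block"),
    ("224.252.0.0", "224.255.255.255", "DIS Transient Block"),
    ("225.0.0.0", "231.255.255.255", "RESERVED"),
    ("232.0.0.0", "232.255.255.255", "Source Specific Multicast Block"),
    ("233.0.0.0", "233.255.255.255", "GLOP Block"),
    ("234.0.0.0", "238.255.255.255", "RESERVED"),
    ("239.0.0.0", "239.255.255.255", "Administratively Scoped Block"),
]
_RANGES = [(int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi)), name)
           for lo, hi, name in RFC3171_BLOCKS]

def classify(addr):
    """Return the RFC 3171 block name for an IPv4 address string."""
    ip = ipaddress.IPv4Address(addr)
    if not ip.is_multicast:          # outside 224.0.0.0/4
        return "not multicast"
    n = int(ip)
    for lo, hi, name in _RANGES:
        if lo <= n <= hi:
            return name
    return "multicast, not in quoted list"  # e.g. 224.3.0.0

def top_senders(flows, block="Local Network Control Block"):
    """Sum packets per source for destinations inside `block`, busiest first."""
    counts = Counter()
    for src, dst, packets in flows:
        if classify(dst) == block:
            counts[src] += packets
    return counts.most_common()

# Constructed sample flow records: (source, destination, packet count).
SAMPLE_FLOWS = [
    ("192.168.1.10", "224.0.0.251", 48210),
    ("192.168.1.23", "224.0.0.251", 12),
    ("192.168.1.10", "239.255.255.250", 30),
    ("192.168.1.23", "198.51.100.7", 900),
]

if __name__ == "__main__":
    for src, packets in top_senders(SAMPLE_FLOWS):
        print(f"{src}: {packets} packets to Local Network Control Block")
```
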