Weird IRCd Stuff

I recently noticed some weird rx in mrtg for a box I have coloed. It shows about 2GB in for every 10 megs out... This count is verified by my kernel byte counter. The machine is a game server/web server. This is nowhere near where it should be in terms of rx/tx relationship.

I did t a tcpdump in non promiscuous mode and it turns out that the machine is getting a ton of traffic from a saltek irc server located at the same colo facility that is destined for OTHER hosts. I tried googling, etc... I just don't see how our machine should be getting anyone else's packets (especially those not even destined for a remotely similar network).

Every chan in saltek has warez in the name. Great folks.

It's just shy of 1 mbit/second of traffic and it's enough to cause dropping of about 80% of packets on an 1.5 ghz machine, which seems a bit hi.

Just wondering if anyone has any insight.

Thanks a mucho =]

 

 

 

 

Top