Is this a ddos attack?
1 2003-05-22 13:03:34.142491 this.is.my.ip -> some.unknown.ip IP Fragmented IP protocol (proto=UDP 0x11, off=8880)
3 2003-05-22 13:03:34.142622 this.is.my.ip -> some.unknown.ip IP Fragmented IP protocol (proto=UDP 0x11, off=10360)
5 2003-05-22 13:03:34.142756 this.is.my.ip -> some.unknown.ip IP Fragmented IP protocol (proto=UDP 0x11, off=11840)
<snip>
46 2003-05-22 13:03:34.146392 this.is.my.ip -> some.unknown.ip IP Fragmented IP protocol (proto=UDP 0x11, off=44400)
48 2003-05-22 13:03:34.146464 this.is.my.ip -> some.unknown.ip DNS Zone change notification unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown unknown [Malformed Packet]
<snip>
This was repeated many times, it's from the data center who unplugged my machine from the network due to the activity.
They said my machine was performing a ddos attack on the unknown IP.
Yet after investigating my machine they could find no evidence of it being compromised nor of it doing any malicious activity. I've also been through the logs and can't find anything out of place.
So, my questions:
1. Is the above actually a ddos attack?
2. If not, any ideas what it is?
This is a redhat server running Plesk psa (v2.5.5_build020809.15 os_RedHat 7.1) with all patches and firewalls running.
Any help would be appreciated.
