Linode Forum

[A32]

Firstly, I've opened a support ticket on this so I'm admittedly burning both ends. However, I've had this problem before and didn't get an explanation as to why it was happening so I'm posting this strangeness here.

I've been getting traffic like this from iptraf all day:

Quote:
UDP (168 bytes) from 64.22.109.153:17500 to 255.255.255.255:17500 (src HWaddr fefd40166d ?
? UDP (168 bytes) from 64.22.109.153:17500 to 64.22.109.255:17500 (src HWaddr fefd40166d99 ?
? UDP (168 bytes) from 64.22.109.153:17500 to 255.255.255.255:17500 (src HWaddr fefd40166d ?
? UDP (168 bytes) from 64.22.109.153:17500 to 64.22.109.255:17500 (src HWaddr fefd40166d99 ?
? UDP (168 bytes) from 64.22.109.153:17500 to 255.255.255.255:17500 (src HWaddr fefd40166d ?
? UDP (168 bytes) from 64.22.109.153:17500 to 64.22.109.255:17500


Problem is, none of these are my IP addresses!

Has anybody ever seen traffic on their node where the originator/recipient of data weren't even on your Linode-assigned IPs? If so, could you shed some light on the mystery?

Thanks!

[kbrantley]

I see a lot of data to :17500 as well.

Note that this data is being sent to the broadcast address (.255) which means every host on your subnet is getting it. Some other linode is sending this data to everyone -- that is where it is coming from.

Note that you also posted the IP of the source host, so..

[hoopycat]

That's Dropbox, a file storage/synchronization system. If the "Enable LAN Sync" option in the client is set, it will try to sync with other friendly clients on the same IP subnet to cut down on WAN traffic. This is handy if you have a desktop machine and a laptop, but is relatively pointless on a Linode.

So, the traffic's probably harmless. I'd ignore it.

[A32]

Thanks a bunch! Eases my worries a little bit.

[Guspaz]

hoopycat wrote: That's Dropbox, a file storage/synchronization system. If the "Enable LAN Sync" option in the client is set, it will try to sync with other friendly clients on the same IP subnet to cut down on WAN traffic. This is handy if you have a desktop machine and a laptop, but is relatively pointless on a Linode.

So, the traffic's probably harmless. I'd ignore it.

Not really, LAN sync over the private network would save you bandwidth if you have multiple linodes syncing to dropbox.

We used to use dropbox to back up our web root on our linode, but the lack of one-way sync made it problematic; now we just do nightly rsyncs and incremental backups on the result.

[A32]

It's still bugging me, though :-) It's like a bad neighbor with a brand-new stereo system going boom boom boom all night. (I look at my traffic quite a bit).

I wonder if there's any way I could block all of this without breaking something.

[jed]

A32 wrote: It's still bugging me, though :-)
This is part of being connected to the Internet...and, we all have to get used to it. I allegedly get 250 GB of transfer from Comcast, but 9-10GB of that a month is burnt on ARP for other systems and junk that isn't for me, including SSH scans, vulnerability checks, and so forth.

The only thing you truly have control over is your own system, not anyone else's -- this is the key to becoming enlightened as a sysadmin. Deal with the traffic when it arrives, and don't let it bother you. You'll feel a lot better when you stop worrying about it.

Before someone says bandwidth quota!:

Google wrote: ((168 bytes) / (30 seconds)) * 31 days = 14.3041992 megabytes
A32 wrote: I wonder if there's any way I could block all of this without breaking something.
Why, so that it doesn't log? Sure:

Code: iptables -I INPUT # -s 64.22.109.153 -p udp --dport 17500 -j DROP

What number to replace the "#" with is left as an exercise for the reader, since I don't know your firewall configuration. Read iptables(8). If you use ufw or Shorewall or something, don't use this -- use it instead.

[Stever]

A32 wrote: I wonder if there's any way I could block all of this without breaking something.
If all you are worried about is seeing it in iptraf, you can go into the "Filters..." submenu and set up an "IP..." filter rule.