Help! Something is killing my server nearly every day.

biggles · Unread post by **biggles** » Tue Jun 04, 2013 4:32 am

Since about a week one of my servers gets overloaded every other day. The longest it's been up is for about to days. The server is a virtualized container and the only way to recover is to reboot. I'm unable to SSH or use the local console until reboot. Often it takes to reboots. When watching performance with atop I see that the main processes consuming a lot if processor after reboot are ossec and mysql. I could also see some reference of mysql crashing after one reboot. I really don't know where to start looking for the offender...

biggles · Unread post by **biggles** » Tue Jun 04, 2013 4:34 am

When restarting the first time it often hangs and consumes al the resources at starting tortixd.

faris · Unread post by **faris** » Tue Jun 04, 2013 10:16 am

If it is Virtuozzo, check the Power Panel and see what resources are going red (look at the details as well).

At any rate, if some resource is going red a lot, you may need to increase the amount of whatever it is by upgrading your Container.

biggles · Unread post by **biggles** » Tue Jun 04, 2013 10:38 am

Nope, ESX 4.1...

faris · Unread post by **faris** » Tue Jun 04, 2013 10:49 am

Hmm...errr....ummm.. In that case don't know

biggles · Unread post by **biggles** » Tue Jun 04, 2013 10:56 am

Here is a dump of /var/log/messages the minutes before the dump:

I find it strange that I get all the firewall messages suddenly. Normally there are just a few every 30 minutes.

Code: Select all

Jun  4 10:02:28 server7 kernel: PAX: execution attempt in: <anonymous mapping>, af76c000-af76f000 af76c000
Jun  4 10:02:28 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/anonmap(anonmap):815, uid/euid: 0/0, PC: af76c000, SP: b843609
c
Jun  4 10:02:28 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jun  4 10:02:28 server7 kernel: PAX: bytes at SP-4: b84360b8 08048944 00000000 00001000 00000003 00000022 ffffffff 00000000 b84360f8 08048
8d6 b84360e4 00000000 080488f0 08048740 af743ff4 af74220c b8436108 080489a9 af616f85 af5e9b90 b8436108
Jun  4 10:02:30 server7 xinetd[2891]: EXIT: smtp status=0 pid=801 duration=7(sec)
Jun  4 10:02:30 server7 kernel: PAX: execution attempt in: /usr/libexec/paxtest/execbss, 08049000-0804a000 00000000
Jun  4 10:02:30 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/execbss(execbss):824, uid/euid: 0/0, PC: 08049b34, SP: bb05c02
c
Jun  4 10:02:30 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 6c 69 62 70 74 68 72
Jun  4 10:02:30 server7 kernel: PAX: bytes at SP-4: b061cbab 08048882 00000000 00000000 bb05c078 08048846 bb05c064 00000000 08048860 08048
6b0 b0612ff4 b061120c bb05c088 080488b9 b04e5f85 b04b8b90 bb05c088 bb05c090 b065aca0 00000000 bb05c0e8
Jun  4 10:02:31 server7 kernel: PAX: execution attempt in: /usr/libexec/paxtest/execdata, 08049000-0804a000 00000000
Jun  4 10:02:31 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/execdata(execdata):832, uid/euid: 0/0, PC: 08049b28, SP: b7f31
2fc
Jun  4 10:02:31 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 c0 b4 31 a9 00 00 00 00
Jun  4 10:02:31 server7 kernel: PAX: bytes at SP-4: a9324bab 08048882 00000000 00000000 b7f31348 08048846 b7f31334 00000000 08048860 08048
6b0 a931aff4 a931920c b7f31358 080488b9 a91edf85 a91c0b90 b7f31358 b7f31360 a9362ca0 00000000 b7f313b8
Jun  4 10:02:32 server7 kernel: PAX: execution attempt in: <anonymous mapping>, 0b8a9000-0b8cb000 0b8a9000
Jun  4 10:02:32 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/execheap(execheap):839, uid/euid: 0/0, PC: 0b8a9448, SP: ba69c
47c
Jun  4 10:02:32 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 b1 1b 02 00 00 00 00 00
Jun  4 10:02:32 server7 kernel: PAX: bytes at SP-4: ba69c498 0804891b 0000000c abe6b740 abe35bab abe2bff4 00000000 00000000 ba69c4d8 08048
8d6 ba69c4c4 00000000 080488f0 08048740 abe2bff4 abe2a20c ba69c4e8 08048989 abcfef85 abcd1b90 ba69c4e8
Jun  4 10:02:33 server7 kernel: PAX: execution attempt in: <anonymous mapping>, b8c1f000-b8c34000 bffeb000
Jun  4 10:02:33 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/execstack(execstack):846, uid/euid: 0/0, PC: b8c30ed8, SP: b8c
30ecc
Jun  4 10:02:33 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jun  4 10:02:33 server7 kernel: PAX: bytes at SP-4: 00000000 08048888 00000000 00000000 000000c3 00000000 00000000 00000000 00000000 00000
000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Jun  4 10:02:34 server7 kernel: PAX: execution attempt in: <anonymous mapping>, aaf3d000-aaf40000 aaf3d000
Jun  4 10:02:34 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/mprotanon(mprotanon):853, uid/euid: 0/0, PC: aaf3d000, SP: b72
a71fc
Jun  4 10:02:34 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jun  4 10:02:34 server7 kernel: PAX: bytes at SP-4: b72a7228 0804895f aaf3d000 00001000 00000005 00000022 ffffffff 00000000 aaf1ebab aaf14
ff4 00000000 aaf14ff4 b72a7268 080488d6 b72a7254 00000000 080488f0 08048740 aaf14ff4 aaf1320c b72a7278
Jun  4 10:02:34 server7 kernel: PAX: execution attempt in: /usr/libexec/paxtest/mprotbss, 08049000-0804a000 00000000
Jun  4 10:02:34 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/mprotbss(mprotbss):860, uid/euid: 0/0, PC: 08049b74, SP: b7c21
f5c
Jun  4 10:02:34 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 6c 69 62 70 74 68 72
Jun  4 10:02:34 server7 kernel: PAX: bytes at SP-4: b7c21f78 0804889e 08049b74 0000000c 00000005 aabedff4 00000000 00000000 b7c21fb8 08048
846 b7c21fa4 00000000 08048860 080486b0 aabedff4 aabec20c b7c21fc8 080488e9 aaac0f85 aaa93b90 b7c21fc8
Jun  4 10:02:36 server7 kernel: PAX: execution attempt in: /usr/libexec/paxtest/mprotdata, 08049000-0804a000 00000000
Jun  4 10:02:36 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/mprotdata(mprotdata):867, uid/euid: 0/0, PC: 08049b68, SP: bbc
731dc
Jun  4 10:02:36 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 c0 54 cb ab 00 00 00 00
Jun  4 10:02:36 server7 kernel: PAX: bytes at SP-4: bbc731f8 0804889e 08049b68 0000000c 00000005 abcb4ff4 00000000 00000000 bbc73238 08048
846 bbc73224 00000000 08048860 080486b0 abcb4ff4 abcb320c bbc73248 080488e9 abb87f85 abb5ab90 bbc73248
Jun  4 10:02:37 server7 kernel: PAX: execution attempt in: <anonymous mapping>, 0bc94000-0bcb6000 0bc94000
Jun  4 10:02:37 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/mprotheap(mprotheap):874, uid/euid: 0/0, PC: 0bc94998, SP: bf1
1521c
Jun  4 10:02:37 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 61 16 02 00 00 00 00 00
Jun  4 10:02:37 server7 kernel: PAX: bytes at SP-4: bf115238 08048936 0bc94998 00000001 00000005 b5c94ff4 00000000 b5c94ff4 bf115278 08048
8d6 bf115264 00000000 080488f0 08048740 b5c94ff4 b5c9320c bf115288 080489b9 b5b67f85 b5b3ab90 bf115288
Jun  4 10:02:38 server7 kernel: PAX: execution attempt in: /usr/libexec/paxtest/shlibtest.so, 9ca6e000-9ca70000 00000000
Jun  4 10:02:38 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/mprotshbss(mprotshbss):881, uid/euid: 0/0, PC: 9ca6f560, SP: b
0e58dbc
Jun  4 10:02:38 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jun  4 10:02:38 server7 kernel: PAX: bytes at SP-4: b0e58de8 08048995 9ca6f560 0000000c 00000005 00000000 b0e58e28 9cab1740 9ca9c5b8 9ca68
ff4 00000000 00000000 b0e58e28 08048be6 b0e58e14 00000000 08048c00 08048a50 9ca68ff4 9ca6720c b0e58e38
Jun  4 10:02:39 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '178.89.120.176.megaline.telecom.kz/A/IN': 212.19.149.54#53
Jun  4 10:02:39 server7 kernel: PAX: execution attempt in: /usr/libexec/paxtest/shlibtest.so, a8a24000-a8a26000 00000000
Jun  4 10:02:39 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/mprotshdata(mprotshdata):888, uid/euid: 0/0, PC: a8a24540, SP:
 b3c4e37c
Jun  4 10:02:39 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jun  4 10:02:39 server7 kernel: PAX: bytes at SP-4: b3c4e3a8 08048995 a8a24540 0000000c 00000005 00000000 b3c4e3e8 a8a67740 a8a525b8 a8a1e
ff4 00000000 00000000 b3c4e3e8 08048be6 b3c4e3d4 00000000 08048c00 08048a50 a8a1eff4 a8a1d20c b3c4e3f8
Jun  4 10:02:41 server7 kernel: PAX: execution attempt in: <anonymous mapping>, b0c33000-b0c48000 bffeb000
Jun  4 10:02:41 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/mprotstack(mprotstack):895, uid/euid: 0/0, PC: b0c47928, SP: b
0c4790c
Jun  4 10:02:41 server7 kernel: PAX: bytes at PC: c3 eb 9d 9c f4 4f 9d 9c 00 00 00 00 f4 4f 9d 9c 78 79 c4 b0
Jun  4 10:02:41 server7 kernel: PAX: bytes at SP-4: b0c47938 08048898 b0c47928 0000000c 00000007 00000000 b0c47978 9ca14740 9c9debc3 9c9d4
ff4 00000000 9c9d4ff4 b0c47978 08048846 b0c47964 00000000 08048860 080486b0 9c9d4ff4 9c9d320c b0c47988
Jun  4 10:02:42 server7 xinetd[2891]: START: smtp pid=901 from=89.221.160.212
Jun  4 10:02:46 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '238.241.94.80.in-addr.arpa/PTR/IN': 84.234.48.2#53
Jun  4 10:02:46 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '238.241.94.80.in-addr.arpa/PTR/IN': 84.234.48.3#53
Jun  4 10:02:47 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '238.241.94.80.in-addr.arpa/PTR/IN': 84.234.48.2#53
Jun  4 10:02:47 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '238.241.94.80.in-addr.arpa/PTR/IN': 84.234.48.3#53
Jun  4 10:02:50 server7 named[4034]: lame server resolving '123.139.28.120.in-addr.arpa' (in '139.28.120.in-addr.arpa'?): 203.177.255.10#5
3
Jun  4 10:02:50 server7 named[4034]: lame server resolving '123.139.28.120.in-addr.arpa' (in '139.28.120.in-addr.arpa'?): 203.127.225.11#5
3
Jun  4 10:02:53 server7 named[4034]: lame server resolving '123.139.28.120.in-addr.arpa' (in '139.28.120.in-addr.arpa'?): 203.177.255.10#5
3
Jun  4 10:02:53 server7 named[4034]: lame server resolving '123.139.28.120.in-addr.arpa' (in '139.28.120.in-addr.arpa'?): 203.127.225.11#5
3
Jun  4 10:02:54 server7 named[4034]: connection refused resolving '212.160.221.89.psbl.surriel.com/A/IN': 82.94.250.75#53
Jun  4 10:02:55 server7 xinetd[2891]: refused connect from 64.71.162.170 due to excessive load
Jun  4 10:02:55 server7 xinetd[2891]: FAIL: smtp load from=64.71.162.170
Jun  4 10:02:55 server7 xinetd[2891]: refused connect from 64.71.162.170 due to excessive load
Jun  4 10:02:55 server7 xinetd[2891]: FAIL: smtp load from=64.71.162.170
Jun  4 10:02:56 server7 xinetd[2891]: refused connect from 64.71.162.170 due to excessive load
Jun  4 10:02:56 server7 xinetd[2891]: FAIL: smtp load from=64.71.162.170
Jun  4 10:03:08 server7 xinetd[2891]: EXIT: smtp status=0 pid=901 duration=26(sec)
Jun  4 10:03:08 server7 xinetd[2891]: refused connect from 217.216.91.192 due to excessive load
Jun  4 10:03:08 server7 xinetd[2891]: FAIL: smtp load from=217.216.91.192
Jun  4 10:03:16 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '190.33.129.217.in-addr.arpa/PTR/IN': 193.0.9.6#53
Jun  4 10:03:16 server7 xinetd[2891]: refused connect from 72.46.140.106 due to excessive load
Jun  4 10:03:16 server7 xinetd[2891]: FAIL: smtp load from=72.46.140.106
Jun  4 10:03:23 server7 xinetd[2891]: refused connect from 95.141.32.46 due to excessive load
Jun  4 10:03:23 server7 xinetd[2891]: FAIL: smtp load from=95.141.32.46
Jun  4 10:03:24 server7 xinetd[2891]: refused connect from 95.141.32.46 due to excessive load
Jun  4 10:03:24 server7 xinetd[2891]: FAIL: smtp load from=95.141.32.46
Jun  4 10:03:25 server7 xinetd[2891]: refused connect from 72.46.140.106 due to excessive load
Jun  4 10:03:25 server7 xinetd[2891]: FAIL: smtp load from=72.46.140.106
Jun  4 10:03:35 server7 named[4034]: unexpected RCODE (REFUSED) resolving 'adsl.viettel.vn/A/IN': 203.113.131.2#53
Jun  4 10:03:58 server7 named[4034]: unexpected RCODE (REFUSED) resolving '182.118.55.110.in-addr.arpa/PTR/IN': 210.4.2.4#53
Jun  4 10:04:07 server7 named[4034]: unexpected RCODE (REFUSED) resolving '248.64.204.207.in-addr.arpa/PTR/IN': 65.183.0.84#53
Jun  4 10:04:07 server7 named[4034]: unexpected RCODE (REFUSED) resolving '248.64.204.207.in-addr.arpa/PTR/IN': 65.183.0.78#53
Jun  4 10:04:08 server7 named[4034]: unexpected RCODE (REFUSED) resolving '248.64.204.207.in-addr.arpa/PTR/IN': 65.183.0.84#53
Jun  4 10:04:09 server7 named[4034]: unexpected RCODE (REFUSED) resolving '248.64.204.207.in-addr.arpa/PTR/IN': 65.183.0.78#53
Jun  4 10:04:16 server7 xinetd[2891]: refused connect from 76.72.172.208 due to excessive load
Jun  4 10:04:16 server7 xinetd[2891]: FAIL: smtp load from=76.72.172.208
Jun  4 10:04:18 server7 xinetd[2891]: refused connect from 217.28.197.6 due to excessive load
Jun  4 10:04:18 server7 xinetd[2891]: FAIL: smtp load from=217.28.197.6
Jun  4 10:04:22 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '18.90.253.212.in-addr.arpa/PTR/IN': 193.0.9.6#53
Jun  4 10:04:26 server7 kernel: PAX: execution attempt in: /usr/libexec/paxtest/shlibtest2.so, abc48000-abc4a000 00000000
Jun  4 10:04:26 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/shlibbss(shlibbss):1249, uid/euid: 0/0, PC: abc49560, SP: bf10
673c
Jun  4 10:04:26 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jun  4 10:04:27 server7 kernel: PAX: bytes at SP-4: bf106768 08048b3b abc755f0 08048d5f 00000051 00000000 bf1067a8 abc8a740 abc75328 abc3d
ff4 00000000 00000000 bf1067a8 08048a76 bf106794 00000000 08048a90 080488e0 abc3dff4 abc3c20c bf1067b8
Jun  4 10:04:35 server7 kernel: PAX: execution attempt in: /usr/libexec/paxtest/shlibtest2.so, a1ef6000-a1ef8000 00000000
Jun  4 10:04:35 server7 kernel: PAX: terminating task: /usr/libexec/paxtest/shlibdata(shlibdata):1266, uid/euid: 0/0, PC: a1ef6540, SP: b1
03c25c
Jun  4 10:04:35 server7 kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jun  4 10:04:35 server7 kernel: PAX: bytes at SP-4: b103c288 08048b3b a1f235f0 08048d60 00000051 00000000 b103c2c8 a1f38740 a1f23328 a1eeb
ff4 00000000 00000000 b103c2c8 08048a76 b103c2b4 00000000 08048a90 080488e0 a1eebff4 a1eea20c b103c2d8
Jun  4 10:04:44 server7 xinetd[2891]: refused connect from 195.140.184.78 due to excessive load
Jun  4 10:04:44 server7 xinetd[2891]: FAIL: smtp load from=195.140.184.78
Jun  4 10:04:44 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '198.159.119.42.in-addr.arpa/PTR/IN': 210.245.31.10#53
Jun  4 10:04:59 server7 xinetd[2891]: refused connect from 77.110.52.49 due to excessive load
Jun  4 10:04:59 server7 xinetd[2891]: FAIL: smtp load from=77.110.52.49
Jun  4 10:05:05 server7 named[4034]: unexpected RCODE (REFUSED) resolving '70.129.68.118.in-addr.arpa/PTR/IN': 210.245.31.10#53
Jun  4 10:05:05 server7 named[4034]: host unreachable resolving 'triband-mum-59.184.39.6.mtnl.net.in/A/IN': 202.159.230.240#53
Jun  4 10:05:09 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=113.166.1.125 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=35444 DF
 PROTO=TCP SPT=80 DPT=1587 SEQ=441370479 ACK=2536326565 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:05:09 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=113.166.1.125 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=35445 DF
 PROTO=TCP SPT=80 DPT=1587 SEQ=441370479 ACK=2536326565 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:05:16 server7 named[4034]: lame server resolving '203.225.10.103.in-addr.arpa' (in '225.10.103.in-addr.arpa'?): 203.192.204.5#53
Jun  4 10:05:16 server7 xinetd[2891]: refused connect from 184.75.210.226 due to excessive load
Jun  4 10:05:16 server7 xinetd[2891]: FAIL: smtp load from=184.75.210.226
Jun  4 10:05:27 server7 named[4034]: unexpected RCODE (REFUSED) resolving 'ns.freenet.ua/A/IN': 193.24.25.250#53
Jun  4 10:05:27 server7 named[4034]: unexpected RCODE (REFUSED) resolving 'ns1.freenet.ua/A/IN': 193.24.25.250#53
Jun  4 10:05:27 server7 named[4034]: unexpected RCODE (REFUSED) resolving 'ns3.freenet.ua/A/IN': 193.24.25.250#53
Jun  4 10:05:27 server7 named[4034]: unexpected RCODE (REFUSED) resolving 'ns2.freenet.ua/A/IN': 193.24.25.250#53
Jun  4 10:05:28 server7 named[4034]: unexpected RCODE (REFUSED) resolving 'ns.freenet.ua/A/IN': 193.24.25.1#53
Jun  4 10:05:28 server7 named[4034]: unexpected RCODE (REFUSED) resolving 'ns1.freenet.ua/A/IN': 193.24.25.1#53
Jun  4 10:05:28 server7 named[4034]: unexpected RCODE (REFUSED) resolving 'ns3.freenet.ua/A/IN': 193.24.25.1#53
Jun  4 10:05:28 server7 named[4034]: unexpected RCODE (REFUSED) resolving 'ns2.freenet.ua/A/IN': 193.24.25.1#53
Jun  4 10:05:43 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=178.148.179.152 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=63805
DF PROTO=TCP SPT=80 DPT=2214 SEQ=134850695 ACK=1248826014 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:05:43 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=178.148.179.152 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=63806
DF PROTO=TCP SPT=80 DPT=2214 SEQ=134850695 ACK=1248826014 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:05:44 server7 named[4034]: unexpected RCODE (REFUSED) resolving '4.28.53.161.in-addr.arpa/PTR/IN': 161.53.2.70#53
Jun  4 10:05:45 server7 named[4034]: unexpected RCODE (REFUSED) resolving '4.28.53.161.in-addr.arpa/PTR/IN': 161.53.2.70#53
Jun  4 10:05:46 server7 xinetd[2891]: refused connect from 64.20.227.137 due to excessive load
Jun  4 10:05:46 server7 xinetd[2891]: FAIL: smtp load from=64.20.227.137
Jun  4 10:05:48 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=115.76.3.157 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=20175 DF
PROTO=TCP SPT=80 DPT=3972 SEQ=3680311883 ACK=3514840005 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:05:48 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=115.76.3.157 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=20176 DF
PROTO=TCP SPT=80 DPT=3972 SEQ=3680311883 ACK=3514840005 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:05:51 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=85.154.61.206 DST=89.189.202
.13 LEN=54 TOS=0x00 PREC=0x00 TTL=118 ID=51213 DF PROTO=UDP SPT=1569 DPT=80 LEN=34
Jun  4 10:05:52 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:05:52 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:05:53 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:05:53 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:05:55 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=118.110.77.142 LEN=1438 TOS=0x00 PREC=0x00 TTL=64 ID=48222 D
F PROTO=TCP SPT=80 DPT=65395 SEQ=617475612 ACK=3998172671 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:05:55 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=118.110.77.142 LEN=1438 TOS=0x00 PREC=0x00 TTL=64 ID=48223 D
F PROTO=TCP SPT=80 DPT=65395 SEQ=617475612 ACK=3998172671 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:00 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=133.37.209.103 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=16794 D
F PROTO=TCP SPT=80 DPT=49383 SEQ=3416661511 ACK=399554162 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:00 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=133.37.209.103 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=16795 D
F PROTO=TCP SPT=80 DPT=49383 SEQ=3416661511 ACK=399554162 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:08 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=83.183.125.88 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=58519 DF
 PROTO=TCP SPT=80 DPT=57452 SEQ=3433009106 ACK=351157992 WINDOW=120 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:08 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=83.183.125.88 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=58520 DF
 PROTO=TCP SPT=80 DPT=57452 SEQ=3433009106 ACK=351157992 WINDOW=120 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:11 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '95.58.57.207.megaline.telecom.kz/A/IN': 212.19.149.54#53
Jun  4 10:06:13 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=212.253.90.18 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=46387 DF
 PROTO=TCP SPT=80 DPT=54561 SEQ=2285622298 ACK=952771000 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:13 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=212.253.90.18 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=46388 DF
 PROTO=TCP SPT=80 DPT=54561 SEQ=2285622298 ACK=952771000 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:16 server7 xinetd[2891]: refused connect from 78.40.124.16 due to excessive load
Jun  4 10:06:16 server7 xinetd[2891]: FAIL: smtp load from=78.40.124.16
Jun  4 10:06:19 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '218.173.81.195.in-addr.arpa/PTR/IN': 212.23.32.66#53
Jun  4 10:06:19 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '218.173.81.195.in-addr.arpa/PTR/IN': 212.23.33.66#53
Jun  4 10:06:20 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '218.173.81.195.in-addr.arpa/PTR/IN': 212.23.33.66#53
Jun  4 10:06:20 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '218.173.81.195.in-addr.arpa/PTR/IN': 212.23.32.66#53
Jun  4 10:06:23 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=126.12.90.40 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=19416 DF
PROTO=TCP SPT=80 DPT=54952 SEQ=3208891816 ACK=1503328667 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:23 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=126.12.90.40 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=19417 DF
PROTO=TCP SPT=80 DPT=54952 SEQ=3208891816 ACK=1503328667 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:27 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=176.73.65.13 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=41804 DF
PROTO=TCP SPT=80 DPT=56706 SEQ=1174928444 ACK=3080412849 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:27 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=176.73.65.13 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=41805 DF
PROTO=TCP SPT=80 DPT=56706 SEQ=1174928444 ACK=3080412849 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:29 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=117.3.168.250 LEN=1480 TOS=0x00 PREC=0x00 TTL=64 ID=58394 DF
 PROTO=TCP SPT=80 DPT=12001 SEQ=1378059157 ACK=2745936356 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:29 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=117.3.168.250 LEN=1480 TOS=0x00 PREC=0x00 TTL=64 ID=58395 DF
 PROTO=TCP SPT=80 DPT=12001 SEQ=1378059157 ACK=2745936356 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:34 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=111.93.180.66 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=43766 DF
 PROTO=TCP SPT=80 DPT=56119 SEQ=2585475140 ACK=1233616009 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:34 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=111.93.180.66 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=43767 DF
 PROTO=TCP SPT=80 DPT=56119 SEQ=2585475140 ACK=1233616009 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:34 server7 named[4034]: unexpected RCODE (REFUSED) resolving '192.64.73.115.in-addr.arpa/PTR/IN': 203.113.131.2#53
Jun  4 10:06:39 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:06:39 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:06:40 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=123.220.16.29 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=44861 DF
 PROTO=TCP SPT=80 DPT=58380 SEQ=4067291214 ACK=3474807824 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:40 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=123.220.16.29 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=44862 DF
 PROTO=TCP SPT=80 DPT=58380 SEQ=4067291214 ACK=3474807824 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:41 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=116.70.155.177 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=46650 D
F PROTO=TCP SPT=80 DPT=64411 SEQ=205073426 ACK=1648348173 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:41 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=116.70.155.177 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=46651 D
F PROTO=TCP SPT=80 DPT=64411 SEQ=205073426 ACK=1648348173 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:41 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=59.184.39.6 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=17119 DF P
ROTO=TCP SPT=80 DPT=28242 SEQ=3115373467 ACK=2571421135 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:42 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=176.9.83.228 LEN=349 TOS=0x00 PREC=0x00 TTL=64 ID=20073 DF P
ROTO=TCP SPT=80 DPT=50023 SEQ=539281549 ACK=2413905424 WINDOW=108 RES=0x00 ACK PSH URGP=0 UID=48 GID=48
Jun  4 10:06:43 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=78.171.166.202 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=46399 D
F PROTO=TCP SPT=80 DPT=28568 SEQ=782512116 ACK=1564224624 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:50 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:06:50 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:06:55 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=92.54.221.251 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=4441 DF
PROTO=TCP SPT=80 DPT=59313 SEQ=157972607 ACK=3344771433 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:06:55 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=92.54.221.251 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=4442 DF
PROTO=TCP SPT=80 DPT=59313 SEQ=157972607 ACK=3344771433 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:00 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:07:00 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:07:00 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=60.50.52.163 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=9694 DF P
ROTO=TCP SPT=80 DPT=58975 SEQ=3269608888 ACK=1917863881 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:00 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=60.50.52.163 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=9695 DF P
ROTO=TCP SPT=80 DPT=58975 SEQ=3269608888 ACK=1917863881 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:05 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=188.176.218.161 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=61912
DF PROTO=TCP SPT=80 DPT=53007 SEQ=427856747 ACK=3365266453 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:05 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=188.176.218.161 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=61913
DF PROTO=TCP SPT=80 DPT=53007 SEQ=427856747 ACK=3365266453 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:08 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=41.200.162.185 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=55881 D
F PROTO=TCP SPT=80 DPT=12154 SEQ=3176557673 ACK=2385886161 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:08 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=41.200.162.185 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=55882 D
F PROTO=TCP SPT=80 DPT=12154 SEQ=3176557673 ACK=2385886161 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:14 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=114.159.200.5 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=39290 DF
 PROTO=TCP SPT=80 DPT=61863 SEQ=2718432197 ACK=2463051533 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:14 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=114.159.200.5 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=39291 DF
 PROTO=TCP SPT=80 DPT=61863 SEQ=2718432197 ACK=2463051533 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:15 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=58.9.86.161 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=53996 DF P
ROTO=TCP SPT=80 DPT=15374 SEQ=2709876456 ACK=3146974234 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:15 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=58.9.86.161 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=53997 DF P
ROTO=TCP SPT=80 DPT=15374 SEQ=2709876456 ACK=3146974234 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:15 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=58.9.86.161 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=53998 DF P
ROTO=TCP SPT=80 DPT=15374 SEQ=2709876456 ACK=3146974234 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:16 server7 xinetd[2891]: refused connect from 46.165.195.139 due to excessive load
Jun  4 10:07:16 server7 xinetd[2891]: FAIL: smtp load from=46.165.195.139
Jun  4 10:07:16 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=60.50.52.163 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=8235 DF P
ROTO=TCP SPT=80 DPT=58974 SEQ=1077493837 ACK=1735325279 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:16 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=60.50.52.163 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=8236 DF P
ROTO=TCP SPT=80 DPT=58974 SEQ=1077493837 ACK=1735325279 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:20 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '75.106.118.42.in-addr.arpa/PTR/IN': 210.245.31.10#53
Jun  4 10:07:20 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=83.183.125.88 LEN=779 TOS=0x00 PREC=0x00 TTL=64 ID=64484 DF
PROTO=TCP SPT=80 DPT=57453 SEQ=1566804622 ACK=587922975 WINDOW=137 RES=0x00 ACK PSH URGP=0 UID=48 GID=48
Jun  4 10:07:20 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=120.61.162.238 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=15048 D
F PROTO=TCP SPT=80 DPT=17659 SEQ=4116690362 ACK=2916305155 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:20 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=120.61.162.238 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=15049 D
F PROTO=TCP SPT=80 DPT=17659 SEQ=4116690362 ACK=2916305155 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:23 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=60.50.52.163 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=4177 DF P
ROTO=TCP SPT=80 DPT=58976 SEQ=2248241169 ACK=3515485432 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:23 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=60.50.52.163 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=4178 DF P
ROTO=TCP SPT=80 DPT=58976 SEQ=2248241169 ACK=3515485432 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:25 server7 xinetd[2891]: refused connect from 213.115.0.235 due to excessive load
Jun  4 10:07:25 server7 xinetd[2891]: FAIL: smtp load from=213.115.0.235
Jun  4 10:07:26 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=180.190.183.167 LEN=1452 TOS=0x00 PREC=0x00 TTL=64 ID=52820
DF PROTO=TCP SPT=80 DPT=49771 SEQ=68057638 ACK=1279362013 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:26 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=180.190.183.167 LEN=1452 TOS=0x00 PREC=0x00 TTL=64 ID=52821
DF PROTO=TCP SPT=80 DPT=49771 SEQ=68057638 ACK=1279362013 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:27 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=203.172.181.149 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=55108
DF PROTO=TCP SPT=80 DPT=58204 SEQ=3782112760 ACK=588729513 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:27 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=203.172.181.149 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=55109
DF PROTO=TCP SPT=80 DPT=58204 SEQ=3782112760 ACK=588729513 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:29 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:07:29 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:07:31 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving 'triband-mum-120.61.116.187.mtnl.net.in/A/IN': 59.185.3.11#53
Jun  4 10:07:31 server7 xinetd[2891]: refused connect from 74.125.83.47 due to excessive load
Jun  4 10:07:31 server7 xinetd[2891]: FAIL: smtp load from=74.125.83.47
Jun  4 10:07:32 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=118.154.218.6 LEN=621 TOS=0x00 PREC=0x00 TTL=64 ID=3698 DF P
ROTO=TCP SPT=80 DPT=56695 SEQ=2667624622 ACK=1034065065 WINDOW=6432 RES=0x00 ACK PSH URGP=0 UID=48 GID=48
Jun  4 10:07:32 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.10.172 DST=89.189.202
.13 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=522 PROTO=UDP SPT=11611 DPT=33437 LEN=12
Jun  4 10:07:33 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:07:33 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:07:33 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:07:33 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:07:33 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:07:33 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:07:33 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:07:33 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:07:33 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:07:33 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:07:33 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:07:33 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:07:34 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.10.172 DST=89.189.202
.13 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=522 PROTO=UDP SPT=11611 DPT=33437 LEN=12
Jun  4 10:07:36 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.9.80 DST=89.189.202.1
3 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=1292 PROTO=UDP SPT=11611 DPT=33441 LEN=12
Jun  4 10:07:37 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=120.63.153.122 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=7774 DF
 PROTO=TCP SPT=80 DPT=14716 SEQ=3195374590 ACK=108480041 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:37 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=120.63.153.122 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=7775 DF
 PROTO=TCP SPT=80 DPT=14716 SEQ=3195374590 ACK=108480041 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:38 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.9.80 DST=89.189.202.1
3 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=1292 PROTO=UDP SPT=11611 DPT=33441 LEN=12
Jun  4 10:07:38 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=119.42.73.191 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=55359 DF
 PROTO=TCP SPT=80 DPT=46596 SEQ=1340778816 ACK=3247778819 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:38 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=119.42.73.191 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=55360 DF
 PROTO=TCP SPT=80 DPT=46596 SEQ=1340778816 ACK=3247778819 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:39 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=161.53.28.4 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=64363 DF P
ROTO=TCP SPT=80 DPT=50326 SEQ=4083177702 ACK=4027365708 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:39 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=161.53.28.4 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=64364 DF P
ROTO=TCP SPT=80 DPT=50326 SEQ=4083177702 ACK=4027365708 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:40 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.9.80 DST=89.189.202.1
3 LEN=32 TOS=0x00 PREC=0x00 TTL=2 ID=1293 PROTO=UDP SPT=11611 DPT=33441 LEN=12
Jun  4 10:07:40 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=114.146.7.199 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=54943 DF
 PROTO=TCP SPT=80 DPT=50158 SEQ=3660605525 ACK=694964615 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:40 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=114.146.7.199 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=54944 DF
 PROTO=TCP SPT=80 DPT=50158 SEQ=3660605525 ACK=694964615 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:42 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.9.80 DST=89.189.202.1
3 LEN=32 TOS=0x00 PREC=0x00 TTL=2 ID=1293 PROTO=UDP SPT=11611 DPT=33441 LEN=12
Jun  4 10:07:44 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.9.80 DST=89.189.202.1
3 LEN=32 TOS=0x00 PREC=0x00 TTL=3 ID=1294 PROTO=UDP SPT=11611 DPT=33441 LEN=12
Jun  4 10:07:46 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.9.80 DST=89.189.202.1
3 LEN=32 TOS=0x00 PREC=0x00 TTL=3 ID=1294 PROTO=UDP SPT=11611 DPT=33441 LEN=12
Jun  4 10:07:48 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.9.80 DST=89.189.202.1
3 LEN=32 TOS=0x00 PREC=0x00 TTL=4 ID=1295 PROTO=UDP SPT=11611 DPT=33441 LEN=12
Jun  4 10:07:49 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=120.28.125.66 LEN=1412 TOS=0x00 PREC=0x00 TTL=64 ID=56750 DF
 PROTO=TCP SPT=80 DPT=41144 SEQ=33822196 ACK=2478145849 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:49 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=120.28.125.66 LEN=1412 TOS=0x00 PREC=0x00 TTL=64 ID=56751 DF
 PROTO=TCP SPT=80 DPT=41144 SEQ=33822196 ACK=2478145849 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:07:50 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.9.80 DST=89.189.202.1
3 LEN=32 TOS=0x00 PREC=0x00 TTL=4 ID=1295 PROTO=UDP SPT=11611 DPT=33441 LEN=12
Jun  4 10:07:52 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.9.80 DST=89.189.202.1
3 LEN=32 TOS=0x00 PREC=0x00 TTL=5 ID=1296 PROTO=UDP SPT=11611 DPT=33441 LEN=12
Jun  4 10:07:52 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '75.106.118.42.in-addr.arpa/PTR/IN': 210.245.31.10#53
Jun  4 10:07:54 server7 kernel: DROP_ASL_INPUT IN=eth0 OUT= MAC=00:0c:29:14:b0:dd:00:19:30:b9:8a:5f:08:00 SRC=202.56.9.80 DST=89.189.202.1
3 LEN=32 TOS=0x00 PREC=0x00 TTL=5 ID=1296 PROTO=UDP SPT=11611 DPT=33441 LEN=12
Jun  4 10:08:08 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:08:08 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:08:16 server7 xinetd[2891]: refused connect from 95.141.32.46 due to excessive load
Jun  4 10:08:16 server7 xinetd[2891]: FAIL: smtp load from=95.141.32.46
Jun  4 10:08:21 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=83.183.125.88 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=23773 DF
 PROTO=TCP SPT=80 DPT=57494 SEQ=2814084374 ACK=82743176 WINDOW=122 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:21 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=83.183.125.88 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=23774 DF
 PROTO=TCP SPT=80 DPT=57494 SEQ=2814084374 ACK=82743176 WINDOW=122 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:24 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=83.183.125.88 LEN=493 TOS=0x00 PREC=0x00 TTL=64 ID=62652 DF
PROTO=TCP SPT=80 DPT=57492 SEQ=4105584136 ACK=1244503200 WINDOW=137 RES=0x00 ACK PSH URGP=0 UID=48 GID=48
Jun  4 10:08:25 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=83.183.125.88 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=5699 DF
PROTO=TCP SPT=80 DPT=57499 SEQ=1573450629 ACK=2206733001 WINDOW=122 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:25 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=83.183.125.88 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=5700 DF
PROTO=TCP SPT=80 DPT=57499 SEQ=1573450629 ACK=2206733001 WINDOW=122 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:26 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=151.250.59.70 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=30908 DF
 PROTO=TCP SPT=80 DPT=26239 SEQ=1402055178 ACK=4185037984 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:26 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=151.250.59.70 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=30909 DF
 PROTO=TCP SPT=80 DPT=26239 SEQ=1402055178 ACK=4185037984 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:28 server7 named[4034]: unexpected RCODE (REFUSED) resolving '98.62.133.202.in-addr.arpa/PTR/IN': 202.153.32.2#53
Jun  4 10:08:35 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:08:35 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:08:35 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:08:35 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:08:35 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:08:35 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:08:35 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=37.17.179.222 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=21657 DF
 PROTO=TCP SPT=80 DPT=26321 SEQ=3516892445 ACK=2642169869 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:37 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=37.17.179.222 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=21658 DF
 PROTO=TCP SPT=80 DPT=26321 SEQ=3516892445 ACK=2642169869 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:38 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=118.174.109.56 LEN=1484 TOS=0x00 PREC=0x00 TTL=64 ID=20170 D
F PROTO=TCP SPT=80 DPT=50804 SEQ=542543140 ACK=469428709 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:38 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=118.174.109.56 LEN=1484 TOS=0x00 PREC=0x00 TTL=64 ID=20171 D
F PROTO=TCP SPT=80 DPT=50804 SEQ=542543140 ACK=469428709 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:38 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=111.93.180.66 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=49545 DF
 PROTO=TCP SPT=80 DPT=56104 SEQ=2903266228 ACK=3881230224 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:38 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=111.93.180.66 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=49546 DF
 PROTO=TCP SPT=80 DPT=56104 SEQ=2903266228 ACK=3881230224 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:54 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=118.154.218.6 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=13729 DF
 PROTO=TCP SPT=80 DPT=57325 SEQ=1061784410 ACK=3452516884 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:08:54 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=118.154.218.6 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=13730 DF
 PROTO=TCP SPT=80 DPT=57325 SEQ=1061784410 ACK=3452516884 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:05 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=193.13.73.87 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=54019 DF
PROTO=TCP SPT=80 DPT=37480 SEQ=373585421 ACK=142088064 WINDOW=118 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:05 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=193.13.73.87 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=54020 DF
PROTO=TCP SPT=80 DPT=37480 SEQ=373585421 ACK=142088064 WINDOW=118 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:05 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=193.13.73.87 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=54021 DF
PROTO=TCP SPT=80 DPT=37480 SEQ=373585421 ACK=142088064 WINDOW=118 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:06 server7 xinetd[2891]: refused connect from 31.193.196.72 due to excessive load
Jun  4 10:09:06 server7 xinetd[2891]: FAIL: smtp load from=31.193.196.72
Jun  4 10:09:06 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=182.178.11.203 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=38286 D
F PROTO=TCP SPT=80 DPT=3634 SEQ=2142642081 ACK=3241728263 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:06 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=182.178.11.203 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=38287 D
F PROTO=TCP SPT=80 DPT=3634 SEQ=2142642081 ACK=3241728263 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:07 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=125.237.181.142 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=54614
DF PROTO=TCP SPT=80 DPT=64707 SEQ=3030850781 ACK=2536489609 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:10 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:09:10 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:09:10 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=182.93.195.171 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=15473 D
F PROTO=TCP SPT=80 DPT=58501 SEQ=3757618337 ACK=2151748599 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:10 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=182.93.195.171 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=15474 D
F PROTO=TCP SPT=80 DPT=58501 SEQ=3757618337 ACK=2151748599 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:11 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=213.66.56.62 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=23943 DF
PROTO=TCP SPT=80 DPT=63510 SEQ=3246102662 ACK=1999731078 WINDOW=114 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:11 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=213.66.56.62 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=23944 DF
PROTO=TCP SPT=80 DPT=63510 SEQ=3246102662 ACK=1999731078 WINDOW=114 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:16 server7 xinetd[2891]: refused connect from 95.211.217.68 due to excessive load
Jun  4 10:09:16 server7 xinetd[2891]: FAIL: smtp load from=95.211.217.68
Jun  4 10:09:18 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=49.135.240.134 LEN=1400 TOS=0x00 PREC=0x00 TTL=64 ID=61130 D
F PROTO=TCP SPT=80 DPT=58474 SEQ=2812055916 ACK=2573194487 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:18 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=49.135.240.134 LEN=1400 TOS=0x00 PREC=0x00 TTL=64 ID=61131 D
F PROTO=TCP SPT=80 DPT=58474 SEQ=2812055916 ACK=2573194487 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:21 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:09:21 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:09:24 server7 xinetd[2891]: refused connect from 199.59.150.85 due to excessive load
Jun  4 10:09:24 server7 xinetd[2891]: FAIL: smtp load from=199.59.150.85
Jun  4 10:09:27 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=221.66.73.13 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=31242 DF
PROTO=TCP SPT=80 DPT=3676 SEQ=1678094959 ACK=3997476346 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:27 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=221.66.73.13 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=31243 DF
PROTO=TCP SPT=80 DPT=3676 SEQ=1678094959 ACK=3997476346 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:27 server7 xinetd[2891]: refused connect from 184.105.182.47 due to excessive load
Jun  4 10:09:27 server7 xinetd[2891]: FAIL: smtp load from=184.105.182.47
Jun  4 10:09:28 server7 xinetd[2891]: refused connect from 184.105.182.47 due to excessive load
Jun  4 10:09:28 server7 xinetd[2891]: FAIL: smtp load from=184.105.182.47
Jun  4 10:09:28 server7 xinetd[2891]: refused connect from 184.105.182.47 due to excessive load
Jun  4 10:09:28 server7 xinetd[2891]: FAIL: smtp load from=184.105.182.47
Jun  4 10:09:29 server7 xinetd[2891]: refused connect from 184.105.182.44 due to excessive load
Jun  4 10:09:29 server7 xinetd[2891]: FAIL: smtp load from=184.105.182.44
Jun  4 10:09:31 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=83.183.125.88 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=35259 DF
 PROTO=TCP SPT=80 DPT=57454 SEQ=679348519 ACK=977847082 WINDOW=121 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:31 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=83.183.125.88 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=35260 DF
 PROTO=TCP SPT=80 DPT=57454 SEQ=679348519 ACK=977847082 WINDOW=121 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:33 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:09:33 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:09:34 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=121.114.148.28 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=2670 DF
 PROTO=TCP SPT=80 DPT=41271 SEQ=117998142 ACK=3388852888 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:34 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=121.114.148.28 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=2671 DF
 PROTO=TCP SPT=80 DPT=41271 SEQ=117998142 ACK=3388852888 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:35 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=180.221.19.152 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=28487 D
F PROTO=TCP SPT=80 DPT=50524 SEQ=3083895790 ACK=2573416290 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:35 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=180.221.19.152 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=28488 D
F PROTO=TCP SPT=80 DPT=50524 SEQ=3083895790 ACK=2573416290 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:37 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:09:37 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:09:37 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:09:37 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:09:38 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=126.10.210.111 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=20554 D
F PROTO=TCP SPT=80 DPT=51625 SEQ=2269157191 ACK=561434681 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:38 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=126.10.210.111 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=20555 D
F PROTO=TCP SPT=80 DPT=51625 SEQ=2269157191 ACK=561434681 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:42 server7 xinetd[2891]: refused connect from 92.61.38.6 due to excessive load
Jun  4 10:09:42 server7 xinetd[2891]: FAIL: smtp load from=92.61.38.6
Jun  4 10:09:43 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '28.13.26.193.in-addr.arpa/PTR/IN': 193.238.116.1#53
Jun  4 10:09:43 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=193.188.93.173 LEN=1480 TOS=0x00 PREC=0x00 TTL=64 ID=1352 DF
 PROTO=TCP SPT=80 DPT=25868 SEQ=3150894893 ACK=3269024307 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:43 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=193.188.93.173 LEN=1480 TOS=0x00 PREC=0x00 TTL=64 ID=1353 DF
 PROTO=TCP SPT=80 DPT=25868 SEQ=3150894893 ACK=3269024307 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:45 server7 xinetd[2891]: refused connect from 199.59.150.74 due to excessive load
Jun  4 10:09:45 server7 xinetd[2891]: FAIL: smtp load from=199.59.150.74
Jun  4 10:09:45 server7 named[4034]: unexpected RCODE (REFUSED) resolving '28.13.26.193.in-addr.arpa/PTR/IN': 193.238.116.18#53
Jun  4 10:09:47 server7 xinetd[2891]: refused connect from 184.105.182.47 due to excessive load
Jun  4 10:09:47 server7 xinetd[2891]: FAIL: smtp load from=184.105.182.47
Jun  4 10:09:47 server7 xinetd[2891]: refused connect from 184.105.182.47 due to excessive load
Jun  4 10:09:47 server7 xinetd[2891]: FAIL: smtp load from=184.105.182.47
Jun  4 10:09:49 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=176.43.66.84 LEN=1452 TOS=0x00 PREC=0x00 TTL=64 ID=38649 DF
PROTO=TCP SPT=80 DPT=55995 SEQ=2895124775 ACK=4037334208 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:49 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=176.43.66.84 LEN=1452 TOS=0x00 PREC=0x00 TTL=64 ID=38650 DF
PROTO=TCP SPT=80 DPT=55995 SEQ=2895124775 ACK=4037334208 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:51 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:09:51 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:09:57 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:09:57 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:09:57 server7 xinetd[2891]: refused connect from 213.66.96.135 due to excessive load
Jun  4 10:09:57 server7 xinetd[2891]: FAIL: smtps load from=213.66.96.135
Jun  4 10:09:59 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving '209.225.140.193.in-addr.arpa/PTR/IN': 193.0.9.6#53
Jun  4 10:09:59 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=186.46.180.57 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=60285 DF
 PROTO=TCP SPT=80 DPT=27927 SEQ=621872481 ACK=1944713646 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:09:59 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=186.46.180.57 LEN=1440 TOS=0x00 PREC=0x00 TTL=64 ID=60286 DF
 PROTO=TCP SPT=80 DPT=27927 SEQ=621872481 ACK=1944713646 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:01 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:10:01 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:10:02 server7 named[4034]: unexpected RCODE (SERVFAIL) resolving 'labb15.iibf.hun.edu.tr/A/IN': 193.140.216.8#53
Jun  4 10:10:03 server7 named[4034]: lame server resolving 'labb15.iibf.hun.edu.tr' (in 'iibf.hun.edu.tr'?): 193.140.216.203#53
Jun  4 10:10:05 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=116.70.155.177 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=5484 DF
 PROTO=TCP SPT=80 DPT=64410 SEQ=2890174274 ACK=2529230851 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:05 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=116.70.155.177 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=5485 DF
 PROTO=TCP SPT=80 DPT=64410 SEQ=2890174274 ACK=2529230851 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:06 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=124.123.82.120 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=18090 D
F PROTO=TCP SPT=80 DPT=51102 SEQ=4223446011 ACK=4181730771 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:06 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=124.123.82.120 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=18091 D
F PROTO=TCP SPT=80 DPT=51102 SEQ=4223446011 ACK=4181730771 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:07 server7 xinetd[2891]: refused connect from 77.110.52.49 due to excessive load
Jun  4 10:10:07 server7 xinetd[2891]: FAIL: smtp load from=77.110.52.49
Jun  4 10:10:11 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=180.221.19.152 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=24774 D
F PROTO=TCP SPT=80 DPT=50464 SEQ=1436257453 ACK=172475774 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:11 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=180.221.19.152 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=24775 D
F PROTO=TCP SPT=80 DPT=50464 SEQ=1436257453 ACK=172475774 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:11 server7 xinetd[2891]: refused connect from 94.234.170.68 due to excessive load
Jun  4 10:10:11 server7 xinetd[2891]: FAIL: smtps load from=94.234.170.68
Jun  4 10:10:13 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=125.24.189.105 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=9369 DF
 PROTO=TCP SPT=80 DPT=1133 SEQ=902210817 ACK=2469932825 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:13 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=125.24.189.105 LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=9370 DF
 PROTO=TCP SPT=80 DPT=1133 SEQ=902210817 ACK=2469932825 WINDOW=6432 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:14 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=49.135.240.134 LEN=1400 TOS=0x00 PREC=0x00 TTL=64 ID=31244 D
F PROTO=TCP SPT=80 DPT=58878 SEQ=2257972241 ACK=808655292 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:14 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=49.135.240.134 LEN=1400 TOS=0x00 PREC=0x00 TTL=64 ID=31245 D
F PROTO=TCP SPT=80 DPT=58878 SEQ=2257972241 ACK=808655292 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:14 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=125.4.2.117 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=46284 DF P
ROTO=TCP SPT=80 DPT=51483 SEQ=3486406941 ACK=2197725916 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:14 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=125.4.2.117 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=46285 DF P
ROTO=TCP SPT=80 DPT=51483 SEQ=3486406941 ACK=2197725916 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:16 server7 xinetd[2891]: refused connect from 174.34.224.167 due to excessive load
Jun  4 10:10:16 server7 xinetd[2891]: FAIL: smtp load from=174.34.224.167
Jun  4 10:10:17 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=111.100.93.185 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=21086 D
F PROTO=TCP SPT=80 DPT=60384 SEQ=3064781293 ACK=105700793 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:17 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=111.100.93.185 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=21087 D
F PROTO=TCP SPT=80 DPT=60384 SEQ=3064781293 ACK=105700793 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:31 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=180.221.19.152 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=19536 D
F PROTO=TCP SPT=80 DPT=50611 SEQ=2834080200 ACK=922452394 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:31 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=180.221.19.152 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=19537 D
F PROTO=TCP SPT=80 DPT=50611 SEQ=2834080200 ACK=922452394 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:59 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=113.162.164.165 LEN=1442 TOS=0x00 PREC=0x00 TTL=64 ID=44986
DF PROTO=TCP SPT=80 DPT=33003 SEQ=1650022491 ACK=461137473 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:10:59 server7 kernel: ASL_OUTPUT IN= OUT=eth0 SRC=89.189.202.13 DST=113.162.164.165 LEN=1442 TOS=0x00 PREC=0x00 TTL=64 ID=44987
DF PROTO=TCP SPT=80 DPT=33003 SEQ=1650022491 ACK=461137473 WINDOW=108 RES=0x00 ACK URGP=0 UID=48 GID=48
Jun  4 10:12:17 server7 ntpd[2908]: synchronized to 79.136.97.19, stratum 2
Jun  4 10:15:03 server7 syslogd 1.4.1: restart.

prupert · Unread post by **prupert** » Tue Jun 04, 2013 2:01 pm

Judging from the xinetd messages your virtual machine was already overloaded on 10:02:55, before the firewall messages.

biggles · Unread post by **biggles** » Tue Jun 04, 2013 2:15 pm

Thanks for the input.

The first message of excessive load from xinetd is from 10:02:55. Every SMTP from the previous hour is ok.

prupert · Unread post by **prupert** » Tue Jun 04, 2013 2:57 pm

Hourly cronjob causing high load perhaps?

(Just trying to help here, but really I do suggest you gather more details about resource usage and other performance metrics, by which you should very easily be able to determine what exactly is causing this high load.)

biggles · Unread post by **biggles** » Wed Jun 05, 2013 5:41 am

I will try, but I really don't know where to start. What I do know is that it goes really quick. Yesterday I was working on the server with normal load at 8.30 local time. At 9.02 it got overloaded. My main suspect is ossec scanning in combination with events from tortix. I have seen it consume quite a lot of resources when scanning. But I haven't found any real indication of a specific time when it happens. More often between 01.00 and 07.00 (24h).

prupert · Unread post by **prupert** » Wed Jun 05, 2013 10:22 am

It might be some cronjobs demanding too much from your VM.

Check which processes are running at that time and their resource usage --> automate this with proper monitoring software so you can detect these type of issues in the future.

Atomicorp

Help! Something is killing my server nearly every day.

Help! Something is killing my server nearly every day.

Re: Help! Something is killing my server nearly every day.

Re: Help! Something is killing my server nearly every day.

Re: Help! Something is killing my server nearly every day.

Re: Help! Something is killing my server nearly every day.

Re: Help! Something is killing my server nearly every day.

Re: Help! Something is killing my server nearly every day.

Re: Help! Something is killing my server nearly every day.

Re: Help! Something is killing my server nearly every day.

Re: Help! Something is killing my server nearly every day.

Re: Help! Something is killing my server nearly every day.