Urgent request : Server sending ~25mpbs UDP traffic out, need help. $ can be paid


Active Member
Dec 21, 2003

This is what i recieved from my provider

Dear customer,

It has come to our notice that starting from 1600hrs today (2/3/05), one of
the IP addresses assigned to you (xxxx) has been sending a flood of
UDP packets (~25Mbps) to xxxx port 53.

This is the second time in less than 4 weeks that your server has been
compromised and used to flood external machines.

As a precautionary measure, all traffic to/fro your server except for
Singapore One traffic will be blocked with immediate effect. This will allow
you to have access to your server to investigate this problem.

Please note that full access will only be restored upon satisfactory and
reasonable explanation as to how this incident was allowed to occured and
measures taken to prevent it from happening again. Your feedback will be
reviewed during office hours only.

Thanks for your attention and best regards,
Is there any reputable system admin within this forum willing to help ? I can pay (not alot) and also give you a monthly server managing job if you'd like. Again, i cant pay alot. Please as this is urgent, if you can help PM/post below with your MSN address. Thanks


Well-Known Member
Nov 3, 2003
Templeton, CA
ps aux and see if there are any wierd processes running

its probably running out of your /tmp, i would check there to see if theres any strange scripts in there