Solved Connection Reset Spam

Discussion in 'Bukkit Help' started by sethgandy, Jun 10, 2013.

Thread Status:
Not open for further replies.
  1. Offline

    sethgandy

    So this started out of the blue about two weeks ago.
    Like every minute I get a "[INFO] Connection Reset".
    And believe me, these stack up quite a bit..
    Code:
    9:17:21 AM [INFO] Connection reset
    9:18:22 AM [INFO] Connection reset
    9:19:21 AM [INFO] Connection reset
    9:20:24 AM [INFO] Connection reset
    9:21:21 AM [INFO] Connection reset
    9:22:22 AM [INFO] Connection reset
    9:23:22 AM [INFO] Connection reset
    9:24:21 AM [INFO] Connection reset
    9:25:24 AM [INFO] Connection reset
    9:26:21 AM [INFO] Connection reset
    9:27:22 AM [INFO] Connection reset
    9:28:21 AM [INFO] Connection reset
    It still happened when I remove all plugins and also tried ipconfig /release.
    Any idea how to stop this monstrosity?
     
  2. Offline

    PolarCraft

    Try starting a fresh server in a different folder/spot. And if that doesn't work check your ports.
     
  3. Offline

    sethgandy

    Not even close my friend.
    What/how to fix it.

    I installed a network sniffer called CommView.
    Find 2 ip's trying to connect to port 25565.
    54.226.75.189
    54.226.27.164

    Both belonging to Amazon.
    Install DD-WRT firmware on my router.
    In admin script I run:
    Code:
    iptables -I FORWARD -s 54.226.75.189/24 -j DROP
    iptables -I FORWARD -s 54.226.27.164/24 -j DROP
    Problem Solved.
    What I think happened is Amazon has spy software that latches if you use any of their services, I remembered I had downloaded a cd off of Amazon a while back and had to install their software to download it.
     
  4. Offline

    Bobcat00

    Found this when looking up one of the IP addresses:

    Code:
    The activity you have detected originates from a 
    dynamic hosting environment. 
    For fastest response, please submit abuse reports at 
    https://www.amazon.com/gp/html-forms-controller/AWSAbuse/ 
    For more information regarding EC2 see: http://ec2.amazonaws.com/ 
    All reports MUST include: 
    * src IP 
    * dest IP (your IP) 
    * dest port 
    * Accurate date/timestamp and timezone of activity 
    * Intensity/frequency (short log extracts) 
    * Your contact details (phone and email) 
    Without these we will be unable to identify 
    the correct owner of the IP address at that 
    point in time.
    Phone +1-206-266-4064 (Office)
    Email [EMAIL][email protected][/EMAIL]
    
     
  5. I found this thread when i googled those ip address's.
    They were effectively ddosing my server.
    So i complained to amazon and they said they terminated the servers.
    Maybe they were just covering up for themelves, but it sounded to me like someone was using a server to ddos for a faster connection. I dropped all their packets in linux anyway in iptables but its the thought that counts.
     
  6. Offline

    sethgandy

    Add another to the list
    192.241.198.55
     
  7. Offline

    Bobcat00

Thread Status:
Not open for further replies.

Share This Page