Hi,
recently we had quite some problems with our datacenter. We are still looking for the root cause, but in the logs of the core switch (Avaya Ethernet Routing Switch 4524GT) I found some errors which I cannot explain. They seem quite strange (see beneath).
First part has something to do with the stack, which wasn't working properly I guess. Is this right?
Second part of the log is more complicated in my opinion. I see a lot of these in the log, and with various ip addresses, coming from all over the world.
Does this means I've been hacked somewhere or somehow? Are these real connections to the configuration page of this switch or is this just traffic passing through the switch?
Thanks for your reply!
S 1 00:00:00:00 1 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 2 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 3 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 4 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 5 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 6 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 7 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 8 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 9 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 10 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 11 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 12 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 13 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
I 1 00:08:10:33 350 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:10:38 351 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:10:38 352 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:10:44 353 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:10:44 354 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:10:54 355 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:10:54 356 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:10:59 357 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:11:00 358 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:11:05 359 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:11:05 360 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:11:10 361 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:11:11 362 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:11:16 363 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:11:16 364 #1 Successful connection from IP address: 88.244.222.173
recently we had quite some problems with our datacenter. We are still looking for the root cause, but in the logs of the core switch (Avaya Ethernet Routing Switch 4524GT) I found some errors which I cannot explain. They seem quite strange (see beneath).
First part has something to do with the stack, which wasn't working properly I guess. Is this right?
Second part of the log is more complicated in my opinion. I see a lot of these in the log, and with various ip addresses, coming from all over the world.
Does this means I've been hacked somewhere or somehow? Are these real connections to the configuration page of this switch or is this just traffic passing through the switch?
Thanks for your reply!
S 1 00:00:00:00 1 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 2 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 3 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 4 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 5 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 6 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 7 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 8 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 9 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 10 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 11 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 12 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
S 1 00:00:00:00 13 NVR CDT_DB_CACHE failed DB-exchange, stack formation delayed
I 1 00:08:10:33 350 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:10:38 351 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:10:38 352 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:10:44 353 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:10:44 354 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:10:54 355 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:10:54 356 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:10:59 357 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:11:00 358 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:11:05 359 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:11:05 360 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:11:10 361 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:11:11 362 #1 Successful connection from IP address: 88.244.222.173
I 1 00:08:11:16 363 #1 Connection closed (lost connection), IP address: 88.244.222.173
I 1 00:08:11:16 364 #1 Successful connection from IP address: 88.244.222.173
Comment