https://community.cloudera.com/t5/Support-Questions/dht-pkt-alert-Possible-malicious-infection-in-CDH6/m-p/388349#M246642 <P>Thank you&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/110791">@robert199re</a>&nbsp;for the information, the&nbsp; system is isolated, I would do some additional investigations but not I can asume that this traffic is not usual for CDH6.</P><P>Best Regards</P> Mon, 27 May 2024 07:28:19 GMT Juanes 2024-05-27T07:28:19Z https://community.cloudera.com/t5/Support-Questions/dht-pkt-alert-Possible-malicious-infection-in-CDH6/m-p/388194#M246569 <P>Hello Community,</P><P>I have an old CDH6 and realized the following suspicious traces in cloudera.flood.log in&nbsp;<SPAN><SPAN class="ui-provider bbp bbq bbh bbr bbs bbt bbu bbv bbw bbx bby bbz bca bcb bcc bcd bce bcf bcg bch bci bcj bck bcl bcm bcn bco bcp bcq bcr bcs bct bcu bcv bcw">/var/log/cloudera-scm-server</SPAN></SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Juanes_0-1716361541025.png" style="width: 400px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/40748i2D9A4140376F31EC/image-size/medium?v=v2&amp;px=400" role="button" title="Juanes_0-1716361541025.png" alt="Juanes_0-1716361541025.png" /></span></P><DIV><DIV><SPAN>dht_pkt_alert </SPAN><SPAN>==&gt;</SPAN><SPAN> [</SPAN><SPAN>82.43</SPAN><SPAN>.248.101:</SPAN><SPAN>6881</SPAN><SPAN>]</SPAN></DIV><DIV><DIV><DIV><SPAN>dht_pkt_alert </SPAN><SPAN>&lt;==</SPAN><SPAN> [</SPAN><SPAN>82.43</SPAN><SPAN>.248.101:</SPAN><SPAN>6881</SPAN><SPAN>]</SPAN></DIV></DIV></DIV></DIV><P>and the same for another almost 100 different IPs outside the network by using the p2p libraries (and not sure that they are Cloudera Repository Ps)</P><P>Did you see anything similar? this activity is quite suspicious.</P><P>Thanks for your help</P><P>&nbsp;</P><P><SPAN><SPAN class="ui-provider bbp bbq bbh bbr bbs bbt bbu bbv bbw bbx bby bbz bca bcb bcc bcd bce bcf bcg bch bci bcj bck bcl bcm bcn bco bcp bcq bcr bcs bct bcu bcv bcw">&nbsp;</SPAN></SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 22 May 2024 07:09:23 GMT https://community.cloudera.com/t5/Support-Questions/dht-pkt-alert-Possible-malicious-infection-in-CDH6/m-p/388194#M246569 Juanes 2024-05-22T07:09:23Z https://community.cloudera.com/t5/Support-Questions/dht-pkt-alert-Possible-malicious-infection-in-CDH6/m-p/388308#M246623 <P>The dht_pkt_alert messages you’re seeing in the cloudera.flood.log are indicative of Distributed Hash Table (DHT) packet alerts, which are associated with peer-to-peer (P2P) network activity. This type of activity is unusual for a Cloudera CDH6 environment and could potentially point to a security concern, such as unauthorized software or a compromised system.&nbsp;</P> Fri, 24 May 2024 09:53:55 GMT https://community.cloudera.com/t5/Support-Questions/dht-pkt-alert-Possible-malicious-infection-in-CDH6/m-p/388308#M246623 robert199re 2024-05-24T09:53:55Z https://community.cloudera.com/t5/Support-Questions/dht-pkt-alert-Possible-malicious-infection-in-CDH6/m-p/388349#M246642 <P>Thank you&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/110791">@robert199re</a>&nbsp;for the information, the&nbsp; system is isolated, I would do some additional investigations but not I can asume that this traffic is not usual for CDH6.</P><P>Best Regards</P> Mon, 27 May 2024 07:28:19 GMT https://community.cloudera.com/t5/Support-Questions/dht-pkt-alert-Possible-malicious-infection-in-CDH6/m-p/388349#M246642 Juanes 2024-05-27T07:28:19Z