Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

dht_pkt_alert Possible malicious infection in CDH6

Labels:
avatar
author-rank Juanes
Expert Contributor

Created ‎05-22-2024 12:09 AM

Hello Community,

I have an old CDH6 and realized the following suspicious traces in cloudera.flood.log in /var/log/cloudera-scm-server

Juanes_0-1716361541025.png

dht_pkt_alert ==> [82.43.248.101:6881]
dht_pkt_alert <== [82.43.248.101:6881]

and the same for another almost 100 different IPs outside the network by using the p2p libraries (and not sure that they are Cloudera Repository Ps)

Did you see anything similar? this activity is quite suspicious.

Thanks for your help

 

 

 

 

 

794 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank robert199re
New Contributor

Created ‎05-24-2024 02:53 AM

The dht_pkt_alert messages you’re seeing in the cloudera.flood.log are indicative of Distributed Hash Table (DHT) packet alerts, which are associated with peer-to-peer (P2P) network activity. This type of activity is unusual for a Cloudera CDH6 environment and could potentially point to a security concern, such as unauthorized software or a compromised system. 

View solution in original post

756 Views
0
2 REPLIES 2

avatar
author-rank robert199re
New Contributor

Created ‎05-24-2024 02:53 AM

The dht_pkt_alert messages you’re seeing in the cloudera.flood.log are indicative of Distributed Hash Table (DHT) packet alerts, which are associated with peer-to-peer (P2P) network activity. This type of activity is unusual for a Cloudera CDH6 environment and could potentially point to a security concern, such as unauthorized software or a compromised system. 

757 Views
0

avatar
author-rank Juanes
Expert Contributor

Created ‎05-27-2024 12:28 AM

Thank you @robert199re for the information, the  system is isolated, I would do some additional investigations but not I can asume that this traffic is not usual for CDH6.

Best Regards

714 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements