dht_pkt_alert Possible malicious infection in CDH6

Expert Contributor

Hello Community,

I have an old CDH6 and noticed the following suspicious traces in cloudera.flood.log in /var/log/cloudera-scm-server:


dht_pkt_alert ==> [82.43.248.101:6881]
dht_pkt_alert <== [82.43.248.101:6881]

and the same for almost 100 other different IPs outside the network, using the p2p libraries (and I am not sure that they are Cloudera Repository IPs).

Did you see anything similar? This activity is quite suspicious.

Thanks for your help


1 ACCEPTED SOLUTION

New Contributor

The dht_pkt_alert messages you’re seeing in the cloudera.flood.log are indicative of Distributed Hash Table (DHT) packet alerts, which are associated with peer-to-peer (P2P) network activity. This type of activity is unusual for a Cloudera CDH6 environment and could potentially point to a security concern, such as unauthorized software or a compromised system. 

Expert Contributor

Thank you @robert199re for the information. The system is isolated. I would do some additional investigations, but now I can assume that this traffic is not usual for CDH6.

Best Regards
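
For triaging a log like the one in the question, the following is an added example (not part of the original thread and not Cloudera code) that tallies `dht_pkt_alert` lines per peer and lists the peers outside private address ranges. It assumes the line shape quoted in the post; the function names and all sample lines other than the two quoted ones are constructed for illustration.

```python
import ipaddress
import re

# The two line shapes quoted in the question: "dht_pkt_alert ==> [ip:port]"
# and "dht_pkt_alert <== [ip:port]". search() tolerates any line prefix.
LINE_RE = re.compile(
    r"dht_pkt_alert\s+(==>|<==)\s+\[(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\]")

# Constructed sample input. Only the first two lines come from the post;
# the 10.x peer and the malformed/unrelated lines are made up for the demo.
SAMPLE_LOG = """\
dht_pkt_alert ==> [82.43.248.101:6881]
dht_pkt_alert <== [82.43.248.101:6881]
dht_pkt_alert ==> [82.43.248.101:6881]
dht_pkt_alert ==> [10.20.30.40:6881]
dht_pkt_alert <== [999.1.1.1:6881]
some unrelated log line
"""

def summarize_dht_alerts(lines):
    """Count alert lines per (ip, port) and arrow; mark globally routable peers."""
    peers = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        arrow, ip_text, port = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:  # e.g. an octet above 255: not a real address
            continue
        entry = peers.setdefault(
            (ip_text, int(port)),
            {"==>": 0, "<==": 0, "external": ip.is_global})
        entry[arrow] += 1  # arrows are counted as logged, not interpreted
    return peers

def external_peers(peers):
    """Sorted (ip, port) pairs that are outside private/reserved ranges."""
    return sorted(key for key, info in peers.items() if info["external"])

if __name__ == "__main__":
    summary = summarize_dht_alerts(SAMPLE_LOG.splitlines())
    for ip, port in external_peers(summary):
        counts = summary[(ip, port)]
        print(f"{ip}:{port}  ==> {counts['==>']}  <== {counts['<==']}")
```

To run it against the real file, pass an open handle on cloudera.flood.log to `summarize_dht_alerts` instead of `SAMPLE_LOG.splitlines()`.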