Created 05-22-2024 12:09 AM
Hello Community,
I have an old CDH6 and realized the following suspicious traces in cloudera.flood.log in /var/log/cloudera-scm-server
and the same for another almost 100 different IPs outside the network by using the p2p libraries (and not sure that they are Cloudera Repository IPs)
Did you see anything similar? This activity is quite suspicious.
Thanks for your help
Created 05-24-2024 02:53 AM
The dht_pkt_alert messages you’re seeing in the cloudera.flood.log are indicative of Distributed Hash Table (DHT) packet alerts, which are associated with peer-to-peer (P2P) network activity. This type of activity is unusual for a Cloudera CDH6 environment and could potentially point to a security concern, such as unauthorized software or a compromised system.
Created 05-27-2024 12:28 AM
Thank you @robert199re for the information. The system is isolated. I would do some additional investigations, but now I can assume that this traffic is not usual for CDH6.
Best Regards