LAN Flooding with requests to a Chinese server on fresh install

Vila

Member
Sep 27, 2021
3
0
6
52
I have just installed ProxMox (Downloaded the ISO from the ProxMox site). My LAN was showing slow downs and ping times were going off the record. After some time I remove the ProxMox server (no clients) and everythig returned to normal.

I have taken a TCP dump from my router and Proxmox is spamming my network with requests to a chinese server (101.37.24.168 port 80) .


Does anyone from Proxmox want to discuss?

Thanks
 
Hi,
Downloaded the ISO from the ProxMox site
Can you please post the link you used?

I have just installed ProxMox (Downloaded the ISO from the ProxMox site). My LAN was showing slow downs and ping times were going off the record. After some time I remove the ProxMox server (no clients) and everythig returned to normal.

I have taken a TCP dump from my router and Proxmox is spamming my network with requests to a chinese server (101.37.24.168 port 80) .
Did you verify the checksums of the ISO?

As Proxmox VE itself by default only connects once per day to the repos via apt update and to download a newer (GPG signed) CT appliance index from download.proxmox.com, and neither is automatically repeated until the next day if failed, it seems unlikely that something official went that bananas.
 
Ok I’m going to go with a lesson in Network Security. I've done a reinstall and its completely fine. I had repurposed an old server which previously had external SSH access (forgot about that). My guess is a random hack. Needless to say, this install has now no external access and I’ll look to key only access internally.


Thanks for your replies and a lesson learned.