Hi! Today I logged into the VyOS VM with SSH, and the system seems very slow. For example, logging into the router via SSH, I see the welcome message, and then it takes 1m10s to show me the prompt.
Then, I entered the ‘conf’ command, and it took 1m43s to enter into the configuration mode.
The ESXi monitor is telling me that the VM is consuming 100% of the vCPU (2.9GHz) and 100% of the RAM (1GB).
The configuration is extremely basic, and the router is only doing basic static routes between the physical ESXi interfaces and the virtual switches.
On the ESXi console for the router, I’m seeing the following:
INIT: Id "TO" Respawning too fast: disabled for 5 minutes
I checked the logs too:
~$ show log
<datetime> Getty[xxxx]: ttyS0: tcgetattr: Input/Output error
The last line is repeated about 3 times per minute.
I’m also seeing a lot of login attempts from the internet, which is bothersome but not unusual I guess.
However, what I’m really worried about are lines like this:
<datetime> sshd[xxxx]: error: connect_to <random hostnames> 443: failed
<datetime> sshd[xxxx]: error: connect_to <random hostnames>: unknown host (name or service not known)
Where ‘random hostnames’ are things like this (I’ve deliberately added spaces to some FQDNs below so as to not create links in the forum):
- wpad
- hakgaay
- ysccxeafwceb
- qpancgjwa
- s7.addthis .com
- 1e6795fd-f6e1-4297-a225-c50eb2a46569.browser.ip-score .com
- sb.scorecardresearch .com
Running ps -e shows thousands of processes named ‘b’, many of them <defunct>.
Have I been hacked? Is our router pegging its CPU because of some rogue process spamming the internet?