From owner-freebsd-questions@freebsd.org Mon Jul 25 16:55:22 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E7E64BA4900 for ; Mon, 25 Jul 2016 16:55:22 +0000 (UTC) (envelope-from bourne.identity@hotmail.com) Received: from COL004-OMC1S5.hotmail.com (col004-omc1s5.hotmail.com [65.55.34.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "*.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AE6BB1DB2 for ; Mon, 25 Jul 2016 16:55:22 +0000 (UTC) (envelope-from bourne.identity@hotmail.com) Received: from EUR01-HE1-obe.outbound.protection.outlook.com ([65.55.34.7]) by COL004-OMC1S5.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Mon, 25 Jul 2016 09:54:16 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=p/tq5HMn8kELUkeHsoPMoJbUoXszRPCsDiF0JNOc9jc=; b=mDY4sKe/NJoj+fij/RH4r7iwxxx/yeHLDjQzqacVnmmgj1sFeJUzzhItkGLWgI7illYMjD7lpPFVxmwFEJCzz1hmrsaTiUuliRQTrpzDoefquKNG+/zmS87uAoBXWGrRHiU0XdBPnTJCLMWE8bKV1xw1INLivNvnWerSnQExMOz8504mygOlDb4X9d2Lf5GkxiShjY6BSjkRnJMj1RUONSwIftrRZHnNDccqlnpI+lKRXDEN9d1Yb8BprujNWo65PwgNr1LCn7TkLz/ycbm5y3IL+tEmHKS844tXRfXRjTPA01cIEFCSMH3zdZP3IUDKSw3+yJEgBEqZ73MgP6kNLg== Received: from DB5EUR01FT020.eop-EUR01.prod.protection.outlook.com (10.152.4.52) by DB5EUR01HT083.eop-EUR01.prod.protection.outlook.com (10.152.5.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.549.5; Mon, 25 Jul 2016 16:54:12 +0000 Received: from VI1PR02MB0974.eurprd02.prod.outlook.com (10.152.4.57) by DB5EUR01FT020.mail.protection.outlook.com (10.152.4.247) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.549.5 via Frontend Transport; Mon, 25 Jul 2016 16:54:10 +0000 Received: from VI1PR02MB0974.eurprd02.prod.outlook.com ([10.163.162.28]) by VI1PR02MB0974.eurprd02.prod.outlook.com ([10.163.162.28]) with mapi id 15.01.0544.019; Mon, 25 Jul 2016 16:54:07 +0000 From: Manish Jain To: FreeBSD Questions CC: Polytropon Subject: Losing network connectivity - Is there a virus on my system ? Thread-Topic: Losing network connectivity - Is there a virus on my system ? Thread-Index: AQHR5pUo9v/tkEPt00e/3uWwbDB/ww== Date: Mon, 25 Jul 2016 16:54:06 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=softfail (sender IP is 10.152.4.57) smtp.mailfrom=hotmail.com; freebsd.org; dkim=none (message not signed) header.d=none;freebsd.org; dmarc=fail action=none header.from=hotmail.com; received-spf: SoftFail (protection.outlook.com: domain of transitioning hotmail.com discourages use of 10.152.4.57 as permitted sender) x-ms-exchange-messagesentrepresentingtype: 1 x-eopattributedmessage: 0 x-forefront-antispam-report: CIP:10.152.4.57; IPV:NLI; CTRY:; EFV:NLI; SFV:NSPM; SFS:(10019020)(98900003); DIR:OUT; SFP:1102; SCL:1; SRVR:DB5EUR01HT083; H:VI1PR02MB0974.eurprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; x-microsoft-exchange-diagnostics: 1; DB5EUR01HT083; 6:LrS7JRQZgdirYYb/7v78qsHrgWced4j+baKbV3g0f+NcfXBWAgPyalfd2CKOCL6HY4FJUe8wWejyb3sXXmV2ryG2mgwZLt00tCflUdp/6WEB75kqPHejXpOSegcH/B2Hv2kmgtiW6jX0XbIArcGEymsdD3kWbYOT29xh1y+teNZvYrhfT7f69l3lwieM2+vOHeiVIzQHJwS0t59JYNiKDTNzHviw3XE0HrCOuPoL8I1Mb2WhZ+dlWxIHguNH28nhhqO+uDiiwhjJVIRzzdCsGZeD9TANk4nuborb86W2+SgKwwxXUBLaEXz6Kafjicy3; 5:0PsnVInWy0a5ISb9AS2naVdpyaGRpY43eUPXxS8jeLlFUNxoHp3y9JSyjplIK7GGlMy/qaPaALTpDbHr7D5n8KRRkVs79aqAmjuEm51E7+hPLaORLvQfVAdNvVzHoFq4AyKdhX52Axk4l4lIbVgelg==; 24:i1y6ElxkMQaaDxW8sRFmzFXbM2/6ff6U4Yv2Dk3++sZXxYC9JYruMv2aeTUNoqBD3DbCb2437jX26OJRnRJUNkYt9/a/RkLp7JTy6JWReM4=; 7:iAgMPFYJsQZeLlFUUmo1jrJ66BFEnuBLIPaY38A4lx3n+0fjUV1Zqlm3mcZI2al0CAae+WSXBFHY4SXAT49WVc3axRGP+rlXHhH/Yy98ePRj5rVjo+LBh6kojNd6BBaZCeuTG2fJTC5QPOKOkEAa0WeF439qcjc4157X8DVF2sDm8eAff1+Qelz+r8W15EHEPGwdLaKuPxXOCGQQpKrNuiRkeGZZuhd6KvQu89n9I1UBpua0/jvC37O9MIMCCN+O x-ms-office365-filtering-correlation-id: ee1d7d71-e7da-46fa-1964-08d3b4ac49e9 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(1601124038)(1601125047); SRVR:DB5EUR01HT083; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(432015012)(82015046); SRVR:DB5EUR01HT083; BCL:0; PCL:0; RULEID:; SRVR:DB5EUR01HT083; x-forefront-prvs: 0014E2CF50 spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-ID: <48011878779A5940BFC5A4E5A552B4B4@eurprd02.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Jul 2016 16:54:06.9550 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5EUR01HT083 X-OriginalArrivalTime: 25 Jul 2016 16:54:16.0363 (UTC) FILETIME=[2DD0CFB0:01D1E695] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jul 2016 16:55:23 -0000 Hi, I am using FreeBSD 10.2 amd64, with Win XP as a backup OS. Since=20 yesterday, I am experiencing a strange situation. Internet connectivity is= =20 lost every 10-15 minutes. 'ping www.freebsd.org' starts reporting 100%=20 packet loss. If I run 'service netif restart', ping reports "No route to=20 host". The only way to fix the problem is to reboot into XP where internet works=20 okay. Then I reboot into FreeBSD, where things are okay too - for 10 or=20 minutes, after which the story gets played again. Is it possible that somebody has hacked my system to place some malicious=20 code somewhere to make the system behave like this ? Or is somebody on the= =20 ISP's side doing funny things to bring my internet down ? Any help would be greatly appreciated. Thanks Manish Jain