Security Incidents mailing list archives

strange flood


From: Slawek <sgp () TELSATGP COM PL>
Date: Wed, 26 Jul 2000 21:57:18 +0200

Hello,



For the last few days my system has been attacked (I've attached some
tcpdump-generated logs).

In fact the traffic increased over time and after a while it blocked
my internet connection, eating it up for a few hours. It was repeated day after
day so I started searching for the source.

Well .. in fact I still cannot believe it ;) .. the source IP was *not*
spoofed. It was a hacked host, so the real attacker has not been found so far. The
attack continues from another IP.

We're trying to find the real source..


but I'm curious .. what type of attack is that?

These packets don't generate any reply from my system (probably due to
firewall configuration) so could easily be spoofed. It looks like some
program was used which was designed for this kind of attack.

Does anybody know of any program that produces this kind of packet?


And the other question to which I'd like to know the answer: is this attack
supposed to do some harm other than flooding?



----- fragment from the start of the attack - generated by bare "tcpdump > log" -----
22:16:11.115823 srcIP > myIP: (frag 25804:1368@63640)
22:16:11.248084 srcIP > myIP: (frag 25804:1480@62160+)
22:16:11.380505 srcIP > myIP: (frag 25804:1480@60680+)
22:16:11.513094 srcIP > myIP: (frag 25804:1480@59200+)
22:16:11.645448 srcIP > myIP: (frag 25804:1480@57720+)
22:16:11.778582 srcIP > myIP: (frag 25804:1480@56240+)
22:16:11.911520 srcIP > myIP: (frag 25804:1480@54760+)
22:16:12.043816 srcIP > myIP: (frag 25804:1480@53280+)
22:16:12.176086 srcIP > myIP: (frag 25804:1480@51800+)
22:16:12.307968 srcIP > myIP: (frag 25804:1480@50320+)
22:16:12.440545 srcIP > myIP: (frag 25804:1480@48840+)
22:16:12.572841 srcIP > myIP: (frag 25804:1480@47360+)
22:16:12.705387 srcIP > myIP: (frag 25804:1480@45880+)
22:16:12.837849 srcIP > myIP: (frag 25804:1480@44400+)
22:16:12.974702 srcIP > myIP: (frag 25804:1480@42920+)
22:16:13.107788 srcIP > myIP: (frag 25804:1480@41440+)
22:16:13.239435 srcIP > myIP: (frag 25804:1480@22200+)
22:16:13.372570 srcIP > myIP: (frag 25804:1480@1480+)
22:16:13.651569 srcIP > myIP: (frag 25925:1480@57720+)
22:16:13.784195 srcIP > myIP: (frag 25925:1480@56240+)
22:16:13.916586 srcIP > myIP: (frag 25925:1480@13320+)
22:16:14.048925 srcIP > myIP: (frag 25925:1480@11840+)
22:16:14.192140 srcIP > myIP: (frag 26055:1368@63640)
22:16:14.325074 srcIP > myIP: (frag 26055:1480@62160+)
22:16:14.457991 srcIP > myIP: (frag 26055:1480@60680+)
22:16:14.590841 srcIP > myIP: (frag 26055:1480@34040+)
22:16:14.723144 srcIP > myIP: (frag 26055:1480@32560+)
22:16:14.854496 srcIP > myIP: (frag 26181:1368@63640)
22:16:14.986593 srcIP > myIP: (frag 26181:1480@62160+)
22:16:15.119149 srcIP > myIP: (frag 26181:1480@60680+)
22:16:15.251828 srcIP > myIP: (frag 26181:1480@59200+)
22:16:15.384177 srcIP > myIP: (frag 26181:1480@57720+)
22:16:15.517501 srcIP > myIP: (frag 26181:1480@56240+)
22:16:15.649612 srcIP > myIP: (frag 26181:1480@54760+)
22:16:15.782585 srcIP > myIP: (frag 26181:1480@53280+)
22:16:15.916499 srcIP > myIP: (frag 26181:1480@51800+)
22:16:16.049251 srcIP > myIP: (frag 26181:1480@41440+)
22:16:16.181499 srcIP > myIP: (frag 26181:1480@26640+)
22:16:16.314082 srcIP > myIP: (frag 26181:1480@11840+)
22:16:16.444521 srcIP > myIP: (frag 26300:1368@63640)
22:16:16.591383 srcIP > myIP: (frag 26300:1480@62160+)
22:16:16.724014 srcIP > myIP: (frag 26300:1480@60680+)
22:16:16.856491 srcIP > myIP: (frag 26300:1480@59200+)
22:16:16.988777 srcIP > myIP: (frag 26300:1480@53280+)
22:16:17.121298 srcIP > myIP: (frag 26300:1480@37000+)
22:16:17.257038 srcIP > myIP: (frag 26443:1368@63640)
22:16:17.390884 srcIP > myIP: (frag 26443:1480@62160+)
22:16:17.523773 srcIP > myIP: (frag 26443:1480@60680+)
22:16:17.655922 srcIP > myIP: (frag 26443:1480@59200+)
22:16:17.788788 srcIP > myIP: (frag 26443:1480@57720+)
22:16:17.920790 srcIP > myIP: (frag 26443:1480@42920+)
22:16:18.053474 srcIP > myIP: (frag 26443:1480@31080+)
22:16:18.185713 srcIP > myIP: (frag 26443:1480@29600+)
22:16:18.318303 srcIP > myIP: (frag 26443:1480@16280+)
----- end -----



Bye,
Slawek
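
An added example, not part of the original post: a Python sketch that groups fragment lines like the ones in the log above by IP ID and reports facts relevant to reassembly on the receiving host (whether the offset-0 fragment was seen, how many bytes are missing, whether the datagram would exceed the 65535-byte IP limit). The sample lines are copied from the post; the function name and the 20-byte IP header (no options) are assumptions.

```python
import re
from collections import defaultdict

# Subset of the log lines from the post above (IP IDs 25925 and 26055).
SAMPLE = """\
22:16:13.651569 srcIP > myIP: (frag 25925:1480@57720+)
22:16:13.784195 srcIP > myIP: (frag 25925:1480@56240+)
22:16:13.916586 srcIP > myIP: (frag 25925:1480@13320+)
22:16:14.048925 srcIP > myIP: (frag 25925:1480@11840+)
22:16:14.192140 srcIP > myIP: (frag 26055:1368@63640)
22:16:14.325074 srcIP > myIP: (frag 26055:1480@62160+)
22:16:14.457991 srcIP > myIP: (frag 26055:1480@60680+)
22:16:14.590841 srcIP > myIP: (frag 26055:1480@34040+)
22:16:14.723144 srcIP > myIP: (frag 26055:1480@32560+)
"""

# tcpdump prints (frag <ip-id>:<length>@<offset>[+]); "+" means More Fragments is set.
FRAG = re.compile(r"\(frag (\d+):(\d+)@(\d+)(\+?)\)")

def summarize(log_text):
    """Group fragments by IP ID and report reassembly-relevant facts."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = FRAG.search(line)
        if m:
            ip_id, length, offset = (int(m.group(i)) for i in (1, 2, 3))
            groups[ip_id].append((offset, length, m.group(4) == "+"))
    report = {}
    for ip_id, frags in groups.items():
        offsets = [o for o, _, _ in frags]
        last = [o + l for o, l, mf in frags if not mf]  # MF clear = final fragment
        total = last[0] if last else None               # payload length, if known
        covered = sum(l for _, l, _ in frags)  # assumes no overlap; true for this log
        report[ip_id] = {
            "fragments": len(frags),
            "has_first": 0 in offsets,
            "payload_len": total,
            "oversized": max(o + l for o, l, _ in frags) + 20 > 65535,  # assumed 20-byte header
            "missing_bytes": None if total is None else total - covered,
            "reverse_order": offsets == sorted(offsets, reverse=True),
        }
    return report

if __name__ == "__main__":
    for ip_id, facts in summarize(SAMPLE).items():
        print(ip_id, facts)
```

A datagram with missing bytes can never be reassembled, so a receiver that queues fragments holds them until its reassembly timer expires.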

