Security Incidents mailing list archives
DDoS Attacks....
From: James Kelty <james () TUNA ORG>
Date: Mon, 13 Nov 2000 15:12:40 -0800
Hello,

I seem to be under a DDoS Attack at the moment. I received these logs from my firewall:

<SNIP>
488. 2000-11-13 14:49:24 ATTACK ALARM: ICMP Flood from 207.100.65.30 to 209.10.46.156 prot 1 (untrust)
489. 2000-11-13 14:49:24 ATTACK ALARM: ICMP Flood from 206.222.103.134 to 209.10.46.156 prot 1 (untrust)
490. 2000-11-13 14:49:23 ATTACK ALARM: ICMP Flood from 149.39.250.1 to 209.10.46.156 prot 1 (untrust)
491. 2000-11-13 14:49:23 ATTACK ALARM: ICMP Flood from 134.174.9.41 to 209.10.46.156 prot 1 (untrust)
492. 2000-11-13 14:49:23 ATTACK ALARM: ICMP Flood from 198.59.162.254 to 209.10.46.156 prot 1 (untrust)
493. 2000-11-13 14:49:23 ATTACK ALARM: ICMP Flood from 209.11.133.190 to 209.10.46.156 prot 1 (untrust)
494. 2000-11-13 14:49:23 ATTACK ALARM: ICMP Flood from 4.24.80.18 to 209.10.46.156 prot 1 (untrust)
495. 2000-11-13 14:49:22 ATTACK ALARM: ICMP Flood from 204.89.131.10 to 209.10.46.156 prot 1 (untrust)
496. 2000-11-13 14:49:22 ATTACK ALARM: ICMP Flood from 209.11.133.189 to 209.10.46.156 prot 1 (untrust)
<SNIP>

It seems that there are several IPs that these are coming from, all at once (hence the DDoS). The thing is that the firewall that they are hitting is just a NAT firewall for outbound traffic via SMTP, and NO incoming traffic should go that way. It is not really hurting me at the moment, but when someone figures out what they are doing, this could be bad.

Any advice? Other than making sure that all my firewalls do not allow ICMP traffic (Done!).

Thanks!

-James
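Added example, not part of the original post: a small Python triage of the quoted alarm lines that counts alarms, distinct sources, distinct /24 prefixes and the time span per target, which is the summary an upstream provider will ask for. The line layout in the regex is inferred from the quoted lines only, and the function names and the `min_sources` threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# The nine alarm lines quoted in the post (firewall entry numbers kept).
SAMPLE = """\
488. 2000-11-13 14:49:24 ATTACK ALARM: ICMP Flood from 207.100.65.30 to 209.10.46.156 prot 1 (untrust)
489. 2000-11-13 14:49:24 ATTACK ALARM: ICMP Flood from 206.222.103.134 to 209.10.46.156 prot 1 (untrust)
490. 2000-11-13 14:49:23 ATTACK ALARM: ICMP Flood from 149.39.250.1 to 209.10.46.156 prot 1 (untrust)
491. 2000-11-13 14:49:23 ATTACK ALARM: ICMP Flood from 134.174.9.41 to 209.10.46.156 prot 1 (untrust)
492. 2000-11-13 14:49:23 ATTACK ALARM: ICMP Flood from 198.59.162.254 to 209.10.46.156 prot 1 (untrust)
493. 2000-11-13 14:49:23 ATTACK ALARM: ICMP Flood from 209.11.133.190 to 209.10.46.156 prot 1 (untrust)
494. 2000-11-13 14:49:23 ATTACK ALARM: ICMP Flood from 4.24.80.18 to 209.10.46.156 prot 1 (untrust)
495. 2000-11-13 14:49:22 ATTACK ALARM: ICMP Flood from 204.89.131.10 to 209.10.46.156 prot 1 (untrust)
496. 2000-11-13 14:49:22 ATTACK ALARM: ICMP Flood from 209.11.133.189 to 209.10.46.156 prot 1 (untrust)
"""

# Layout inferred from the quoted lines only, not from vendor documentation.
LINE_RE = re.compile(
    r"^\s*(?:\d+\.\s+)?(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ATTACK ALARM: "
    r"(?P<kind>.+?) from (?P<src>\S+) to (?P<dst>\S+) prot (?P<prot>\d+) \((?P<zone>[^)]+)\)\s*$"
)

def parse(text):
    """Yield one dict per alarm line; anything else (e.g. <SNIP>) is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
            yield rec

def summarize(text, min_sources=5):
    """Per (destination, alarm kind): alarm count, source spread, time span.
    min_sources is an assumed threshold for calling the alarms distributed."""
    groups = defaultdict(list)
    for rec in parse(text):
        groups[(rec["dst"], rec["kind"])].append(rec)
    report = {}
    for key, recs in groups.items():
        sources = {r["src"] for r in recs}
        times = [r["ts"] for r in recs]
        report[key] = {
            "alarms": len(recs),
            "sources": len(sources),
            "slash24": len({s.rsplit(".", 1)[0] for s in sources}),
            "span_seconds": int((max(times) - min(times)).total_seconds()),
            "distributed": len(sources) >= min_sources,
        }
    return report
```

Calling `summarize(SAMPLE)` returns one entry keyed by `("209.10.46.156", "ICMP Flood")`; feeding it the full firewall log instead of the snipped excerpt gives the complete source list.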
Current thread:
- DDoS Attacks.... James Kelty (Nov 14)
- <Possible follow-ups>
- Re: DDoS Attacks.... J. Oquendo (Nov 16)