Security Incidents mailing list archives
Re: 62.158.159.87 syn-flooding
From: Bill Royds <Bill_Royds () PCH GC CA>
Date: Mon, 29 Jan 2001 15:18:27 -0500
We have seen this many times from this ISP (sometimes different IP numbers but same network and exploit). Rainer Weikusat <weikusat () MAIL UNI-MAINZ DE> on 01/28/2001 08:00:28 AM Please respond to Rainer Weikusat <weikusat () MAIL UNI-MAINZ DE> To: INCIDENTS () SECURITYFOCUS COM cc: (bcc: Bill Royds/HullOttawa/PCH/CA) Subject: 62.158.159.87 syn-flooding I wonder if this is a global scale idiot or if whe somehow annoyed him. fwiw Jan 28 12:44:29 karfinux kernel: Packet log: tcp_in REJECT eth0 PROTO=6 62.158.159.87:1488 134.93.42.1:20 L=48 S=0x00 I=62824 F=0x4000 T=113 SYN (#6) Jan 28 12:44:29 karfinux in.ftpd[6714]: connect from 62.158.159.87 Jan 28 12:44:29 karfinux ftpd[6714]: connection from p3E9E9F57.dip.t-dialin.net Jan 28 12:44:29 karfinux sshd[298]: debug: Forked child 6715. Jan 28 12:44:29 karfinux sshd[6715]: connect from 62.158.159.87 Jan 28 12:44:29 karfinux sshd[6715]: log: Connection from 62.158.159.87 port 1490 Jan 28 12:44:29 karfinux kernel: Packet log: tcp_in REJECT eth0 PROTO=6 62.158.159.87:1491 134.93.42.1:23 L=48 S=0x00 I=64616 F=0x4000 T=113 SYN (#6) [continuuos, incl ftpd-DoS ('looping')] Jan 28 13:48:28 karfinux kernel: Packet log: input DENY eth0 PROTO=6 62.158.159.87:4886 134.93.42.1:22 L=48 S=0x00 I=5888 F=0x4000 T=113 SYN (#1) Jan 28 13:48:28 karfinux kernel: Packet log: input DENY eth0 PROTO=6 62.158.159.87:4892 134.93.42.1:22 L=48 S=0x00 I=6144 F=0x4000 T=113 SYN (#1) Jan 28 13:48:28 karfinux kernel: Packet log: input DENY eth0 PROTO=6 62.158.159.87:4876 134.93.42.1:22 L=48 S=0x00 I=6400 F=0x4000 T=113 SYN (#1) Jan 28 13:48:28 karfinux kernel: Packet log: input DENY eth0 PROTO=6 62.158.159.87:4895 134.93.42.1:22 L=48 S=0x00 I=6656 F=0x4000 T=113 SYN (#1) Jan 28 13:48:28 karfinux kernel: Packet log: input DENY eth0 PROTO=6 62.158.159.87:4885 134.93.42.1:22 L=48 S=0x00 I=6912 F=0x4000 T=113 SYN (#1) Jan 2 -- SIGSTOP
Current thread:
- 62.158.159.87 syn-flooding Rainer Weikusat (Jan 29)
- <Possible follow-ups>
- Re: 62.158.159.87 syn-flooding Bill Royds (Jan 29)
- Wingate 1080/8080 Scans Brian Taylor (Jan 30)
- Re: Wingate 1080/8080 Scans James Kelty (Jan 31)
- Wingate 1080/8080 Scans Brian Taylor (Jan 30)