Security Incidents mailing list archives

Re: an attack that shut off my dsl


From: mgribov () KPLAB COM (Max Gribov)
Date: Thu, 15 Jun 2000 16:27:42 -0400


the time got screwed up because of something else though... the logs are
correct. the time thing happened because of copy/paste from linux to windows
i guess...
but the logs are authentic.

----- Original Message -----
From: Eduardo Cruz <eduardo.cruz () TS-G COM>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Wednesday, June 14, 2000 6:18 PM
Subject: Re: an attack that shut off my dsl

hehe
there is something wrong with that supposed attack or your clock goes
backwards

Jun 12 13:25:45 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4975 L=60 S=0x00 I=27169 F=0x4000 T=241
(#1)

13:25:45 <-- you are blocking him


Jun 12 13:24:12 mordor pppd[58]: Modem hangup

13:24:12 <-- pppd closes the link

:)


----- Original Message -----
From: Max Gribov <mgribov () KPLAB COM>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Monday, June 12, 2000 8:52 PM
Subject: an attack that shut off my dsl


i got this on my home machine. appears as some kind of a DoS, but i can't
figure out how it managed to shut off my dsl.

sorry if this is a bit too long.

max



Jun 12 13:13:34 mordor portsentry[831]: attackalert: UDP scan from host:
gni-gate.gnilink.net/199.45.47.4 to UDP port: 161
Jun 12 13:13:34 mordor portsentry[831]: attackalert: Host 199.45.47.4 has
been blocked via wrappers with string: "ALL: 199.45.47.4"
Jun 12 13:13:34 mordor portsentry[831]: attackalert: Host 199.45.47.4 has
been blocked via dropped route using command:
"/sbin/ipchains -I input -s 199.45.47.4 -j DENY -l"
Jun 12 13:13:35 mordor kernel: Packet log: input DENY ppp0 PROTO=17
199.45.47.4:43987 151.202.106.23:161 L=68 S=0x00 I=64357 F=0x0000 T=112
(#1)
Jun 12 13:13:35 mordor kernel: Packet log: input DENY ppp0 PROTO=17
199.45.47.4:44022 151.202.106.23:161 L=69 S=0x00 I=13670 F=0x0000 T=112
(#1)
Jun 12 13:13:36 mordor kernel: Packet log: input DENY ppp0 PROTO=17
199.45.47.4:44022 151.202.106.23:161 L=69 S=0x00 I=29030 F=0x0000 T=112
(#1)
Jun 12 13:22:57 mordor kernel: Packet log: input DENY ppp0 PROTO=1
199.45.47.4:0 151.202.106.23:0 L=28 S=0x00 I=30459 F=0x4000 T=241 (#1)
Jun 12 13:22:58 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:257 151.202.106.23:2966 L=40 S=0x00 I=30460 F=0x4000 T=42
(#1)
Jun 12 13:22:58 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:257 151.202.106.23:2976 L=40 S=0x00 I=30461 F=0x4000 T=42
(#1)
Jun 12 13:22:58 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:257 151.202.106.23:2986 L=40 S=0x00 I=30462 F=0x4000 T=42
(#1)
Jun 12 13:23:19 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:258 151.202.106.23:4526 L=40 S=0x00 I=30463 F=0x4000 T=42
(#1)
Jun 12 13:23:19 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:258 151.202.106.23:4536 L=40 S=0x00 I=30464 F=0x4000 T=42
(#1)
Jun 12 13:23:19 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:258 151.202.106.23:4546 L=40 S=0x00 I=30465 F=0x4000 T=42
(#1)
Jun 12 13:23:37 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1884 L=60 S=0x00 I=30467 F=0x4000 T=241
(#1)
Jun 12 13:23:37 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1894 L=60 S=0x00 I=30468 F=0x4000 T=241
(#1)
Jun 12 13:23:40 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1874 L=60 S=0x00 I=30469 F=0x4000 T=241
(#1)
Jun 12 13:23:40 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1884 L=60 S=0x00 I=30470 F=0x4000 T=241
(#1)
Jun 12 13:23:40 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1894 L=60 S=0x00 I=30471 F=0x4000 T=241
(#1)
Jun 12 13:23:46 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1874 L=60 S=0x00 I=30472 F=0x4000 T=241
(#1)
Jun 12 13:23:47 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1884 L=60 S=0x00 I=30473 F=0x4000 T=241
(#1)
Jun 12 13:23:59 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1874 L=60 S=0x00 I=27143 F=0x4000 T=241
(#1)
Jun 12 13:23:59 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1884 L=60 S=0x00 I=27144 F=0x4000 T=241
(#1)
Jun 12 13:23:59 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1894 L=60 S=0x00 I=27145 F=0x4000 T=241
(#1)
Jun 12 13:24:05 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4955 L=60 S=0x00 I=27146 F=0x4000 T=241
(#1)
Jun 12 13:24:05 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4965 L=60 S=0x00 I=27147 F=0x4000 T=241
(#1)
Jun 12 13:24:05 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4975 L=60 S=0x00 I=27148 F=0x4000 T=241
(#1)
Jun 12 13:24:09 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4955 L=60 S=0x00 I=27149 F=0x4000 T=241
(#1)
Jun 12 13:24:09 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4965 L=60 S=0x00 I=27150 F=0x4000 T=241
(#1)
Jun 12 13:24:09 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4975 L=60 S=0x00 I=27151 F=0x4000 T=241
(#1)
Jun 12 13:24:25 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1874 L=60 S=0x00 I=27155 F=0x4000 T=241
(#1)
Jun 12 13:24:25 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1884 L=60 S=0x00 I=27156 F=0x4000 T=241
(#1)
Jun 12 13:24:25 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1894 L=60 S=0x00 I=27157 F=0x4000 T=241
(#1)
Jun 12 13:24:28 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4955 L=60 S=0x00 I=27158 F=0x4000 T=241
(#1)
Jun 12 13:24:28 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4965 L=60 S=0x00 I=27159 F=0x4000 T=241
(#1)
Jun 12 13:24:28 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4975 L=60 S=0x00 I=27160 F=0x4000 T=241
(#1)
Jun 12 13:24:54 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4955 L=60 S=0x00 I=27161 F=0x4000 T=241
(#1)
Jun 12 13:24:54 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4965 L=60 S=0x00 I=27162 F=0x4000 T=241
(#1)
Jun 12 13:24:54 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4975 L=60 S=0x00 I=27163 F=0x4000 T=241
(#1)
Jun 12 13:25:16 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1874 L=60 S=0x00 I=27164 F=0x4000 T=241
(#1)
Jun 12 13:25:16 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1884 L=60 S=0x00 I=27165 F=0x4000 T=241
(#1)
Jun 12 13:25:16 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:1894 L=60 S=0x00 I=27166 F=0x4000 T=241
(#1)
Jun 12 13:25:45 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4955 L=60 S=0x00 I=27167 F=0x4000 T=241
(#1)
Jun 12 13:25:45 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4965 L=60 S=0x00 I=27168 F=0x4000 T=241
(#1)
Jun 12 13:25:45 mordor kernel: Packet log: input DENY ppp0 PROTO=6
199.45.47.4:256 151.202.106.23:4975 L=60 S=0x00 I=27169 F=0x4000 T=241
(#1)
Jun 12 13:24:12 mordor pppoe[61]: Session terminated -- received PADT
from access concentrator
Jun 12 13:24:12 mordor pppd[58]: Modem hangup
Jun 12 13:24:12 mordor kernel: ppp: channel ppp0 closing.
Jun 12 13:24:12 mordor kernel: ppp0 released
Jun 12 13:24:12 mordor kernel: ppp0: ccp closed
Jun 12 13:24:12 mordor pppd[58]: Connection terminated.
Jun 12 13:24:12 mordor pppd[58]: Connect time 1036.5 minutes.
Jun 12 13:24:12 mordor pppd[58]: Sent 2607605 bytes, received 39478798
bytes.
Jun 12 13:24:12 mordor pppd[58]: Exit.
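
The ordering question raised in this thread can be checked mechanically. The following is an added example, not part of any poster's message: it parses syslog lines carrying ipchains "Packet log" entries, reports where timestamps run backwards in file order, and lists DENY entries stamped later than the PPP hangup. It assumes one log entry per line and the year 2000 (syslog omits the year); the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: five entries from the posted log, each rejoined onto one line.
SAMPLE = """\
Jun 12 13:24:09 mordor kernel: Packet log: input DENY ppp0 PROTO=6 199.45.47.4:256 151.202.106.23:4975 L=60 S=0x00 I=27151 F=0x4000 T=241 (#1)
Jun 12 13:25:16 mordor kernel: Packet log: input DENY ppp0 PROTO=6 199.45.47.4:256 151.202.106.23:1874 L=60 S=0x00 I=27164 F=0x4000 T=241 (#1)
Jun 12 13:25:45 mordor kernel: Packet log: input DENY ppp0 PROTO=6 199.45.47.4:256 151.202.106.23:4975 L=60 S=0x00 I=27169 F=0x4000 T=241 (#1)
Jun 12 13:24:12 mordor pppoe[61]: Session terminated -- received PADT from access concentrator
Jun 12 13:24:12 mordor pppd[58]: Modem hangup
"""

# "<Mon DD HH:MM:SS> <host> <program>[pid]: <message>"
SYSLOG = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")
# ipchains -l fields: chain, verdict, interface, IP protocol, endpoints,
# L=length, S=TOS, I=IP ID, F=fragment flags/offset, T=TTL
IPCHAINS = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=(?P<tos>\S+) I=(?P<ipid>\d+) F=(?P<frag>\S+) T=(?P<ttl>\d+)")

def parse(text, year=2000):
    """Return one dict per syslog line, keeping the original file order."""
    events = []
    for n, line in enumerate(text.splitlines(), 1):
        m = SYSLOG.match(line)
        if not m:
            continue  # wrapped continuation or unrelated text
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pkt = IPCHAINS.search(m.group(4))
        events.append({"line": n, "ts": ts, "prog": m.group(3), "msg": m.group(4),
                       "pkt": pkt.groupdict() if pkt else None})
    return events

def out_of_order(events):
    """Pairs of adjacent line numbers where the later line has an earlier timestamp."""
    return [(a["line"], b["line"]) for a, b in zip(events, events[1:]) if b["ts"] < a["ts"]]

def denies_after_hangup(events):
    """Packet-log entries stamped after the first pppd/pppoe message."""
    hangup = min(e["ts"] for e in events if e["prog"] in ("pppd", "pppoe"))
    return [e for e in events if e["pkt"] and e["ts"] > hangup]

if __name__ == "__main__":
    ev = parse(SAMPLE)
    print("timestamps go backwards between lines:", out_of_order(ev))
    print("DENY entries after hangup:", [e["line"] for e in denies_after_hangup(ev)])
```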



