Security Incidents mailing list archives

DOS attack


From: vanguard () GENIUSNET RO (Bogdan Catalin Donici)
Date: Mon, 26 Jun 2000 13:35:04 -0700


hello,

my ns. is under constant DOS-attack (for 3 days, and more :(( )

the only way to break it is to block all icmp (to ns.geniusnet.ro) on the internet-node

the flood is fragmented icmp and is not easy to stop automatically on the router (rules)

"the bad boy" took down one of my up-links

I tried to contact the admin of this site and after 3 days no action .......... :(( us.gov is on week-end

Q: is the admin of liq.wa.gov and FVSC.PeachNet.EDU responsible (for this attack) or not ??

"The bad boy" has access to this pc (winblows, maybe NT)

tcpdump:

16:18:24.006494 home.liq.wa.gov > ns.geniusnet.ro: (frag 5111:1480@20720+)

16:18:24.081906 home.liq.wa.gov > ns.geniusnet.ro: (frag 5111:1480@22200+)

16:18:24.118999 home.liq.wa.gov > ns.geniusnet.ro: (frag 5111:1480@23680+)

16:18:24.157186 home.liq.wa.gov > ns.geniusnet.ro: (frag 5111:1480@25160+)

16:18:24.217001 home.liq.wa.gov > ns.geniusnet.ro: (frag 5111:1480@26640+)

16:18:24.279078 home.liq.wa.gov > ns.geniusnet.ro: (frag 5111:1480@28120+)

16:18:24.356501 home.liq.wa.gov > ns.geniusnet.ro: (frag 5111:1480@29600+)

16:18:24.413674 home.liq.wa.gov > ns.geniusnet.ro: icmp: echo request (frag 6903:1480@0+)

16:18:24.479011 home.liq.wa.gov > ns.geniusnet.ro: (frag 5111:1480@31080+)

16:18:24.539397 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: icmp: echo request (frag 58260:1480@0+)

16:18:24.598908 home.liq.wa.gov > ns.geniusnet.ro: (frag 5111:1480@47360+)

16:18:24.658490 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 58260:1480@1480+)

16:18:24.801139 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 58260:1480@4440+)

16:18:24.846904 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 58260:1480@11840+)

16:18:24.906843 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 58260:1480@34040+)

16:18:24.977072 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 58260:1480@54760+)

16:18:25.051474 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 58260:1480@60680+)

16:18:25.097768 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@7400+)

16:18:25.156975 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@8880+)

16:18:25.218894 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@10360+)

16:18:25.292540 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@11840+)

16:18:25.346723 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@13320+)

16:18:25.417419 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@14800+)

16:18:25.487743 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@16280+)

16:18:25.523032 0:0:1d:f4:6f:e9 > 1:80:c2:0:0:0 802.1d ui/C len=47

0000 0000 0080 0000 001d f46f e900 0000

0080 0000 001d f46f e980 0a00 0014 0002

000f 0067 98c2 6600 0000 00f0 cbee 6d

16:18:25.549693 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@17760+)

16:18:25.619484 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@19240+)

16:18:25.679226 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@20720+)

16:18:25.737120 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@22200+)

16:18:25.806888 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@23680+)

16:18:25.872985 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@34040+)

16:18:25.928280 home.liq.wa.gov > ns.geniusnet.ro: icmp: echo request (frag 8951:1480@0+)

16:18:25.989340 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@44400+)

16:18:26.056901 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: icmp: echo request (frag 60820:1480@0+)

16:18:26.115470 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1368@63640)

16:18:26.246957 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 60820:1480@1480+)

16:18:26.306844 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 60820:1480@4440+)

16:18:26.372516 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 60820:1480@25160+)

16:18:26.432342 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 60820:1480@42920+)

16:18:26.486676 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@5920+)

16:18:26.493133 ns.geniusnet.ro > agschool.FVSC.PeachNet.EDU: icmp: ip reassembly time exceeded [tos 0xc0]

16:18:26.562576 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@7400+)

16:18:26.626519 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@8880+)

16:18:26.686556 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@10360+)

16:18:26.747633 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@11840+)

16:18:26.829417 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@13320+)

16:18:26.888978 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@14800+)

16:18:26.948719 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@16280+)

16:18:27.011928 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@17760+)

16:18:27.066530 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@19240+)

16:18:27.186737 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@20720+)

16:18:27.259168 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@22200+)

16:18:27.319015 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@23680+)

16:18:27.395770 home.liq.wa.gov > ns.geniusnet.ro: icmp: echo request (frag 10487:1480@0+)

16:18:27.436571 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@44400+)

16:18:27.496564 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: icmp: echo request (frag 63124:1480@0+)

16:18:27.523053 0:0:1d:f4:6f:e9 > 1:80:c2:0:0:0 802.1d ui/C len=47

0000 0000 0080 0000 001d f46f e900 0000

0080 0000 001d f46f e980 0a00 0014 0002

000f 0000 0001 0100 0000 004e 9d89 d7

16:18:27.569774 home.liq.wa.gov > ns.geniusnet.ro: (frag 8951:1480@54760+)

16:18:27.630923 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@1480+)

16:18:27.696848 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 63124:1480@2960+)

16:18:27.761573 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 63124:1480@1480+)

16:18:27.816649 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 63124:1480@14800+)

16:18:27.876395 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 63124:1480@31080+)

16:18:27.947211 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 63124:1480@50320+)

16:18:27.973133 ns.geniusnet.ro > agschool.FVSC.PeachNet.EDU: icmp: ip reassembly time exceeded [tos 0xc0]

16:18:27.996973 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 63124:1368@63640)

16:18:28.058248 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@7400+)

16:18:28.126764 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@8880+)

16:18:28.186728 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@10360+)

16:18:28.257429 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@11840+)

16:18:28.312774 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@13320+)

16:18:28.366526 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@14800+)

16:18:28.436483 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@16280+)

16:18:28.496588 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@17760+)

16:18:28.558017 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@19240+)

16:18:28.616676 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@20720+)

16:18:28.686417 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@22200+)

16:18:28.746826 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@23680+)

16:18:28.808617 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@25160+)

16:18:28.938991 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@26640+)

16:18:29.006443 home.liq.wa.gov > ns.geniusnet.ro: (frag 10487:1480@28120+)

16:18:29.066761 home.liq.wa.gov > ns.geniusnet.ro: icmp: echo request (frag 12279:1480@0+)
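
The `(frag ID:SIZE@OFFSET+)` notation in the trace above can be tallied per sender and IP ID to see which echo requests could ever be reassembled. The Python below is an added example, not part of the original post; the function names are hypothetical and the sample lines are a small excerpt of the posted capture.

```python
import re
from collections import defaultdict

# tcpdump notation: (frag ID:SIZE@OFFSET+); a trailing '+' means more fragments follow
FRAG = re.compile(r"(\S+) > \S+: .*\(frag (\d+):(\d+)@(\d+)(\+?)\)")

# A few lines excerpted from the trace in the post (not the full capture)
SAMPLE = """\
16:18:24.413674 home.liq.wa.gov > ns.geniusnet.ro: icmp: echo request (frag 6903:1480@0+)
16:18:25.097768 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@7400+)
16:18:25.156975 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@8880+)
16:18:25.872985 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1480@34040+)
16:18:26.056901 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: icmp: echo request (frag 60820:1480@0+)
16:18:26.115470 home.liq.wa.gov > ns.geniusnet.ro: (frag 6903:1368@63640)
16:18:26.246957 agschool.FVSC.PeachNet.EDU > ns.geniusnet.ro: (frag 60820:1480@1480+)
16:18:26.493133 ns.geniusnet.ro > agschool.FVSC.PeachNet.EDU: icmp: ip reassembly time exceeded [tos 0xc0]
"""

def fragment_trains(text):
    """Group fragments by (source, IP ID) and report how much of each datagram was seen."""
    trains = defaultdict(lambda: {"spans": set(), "total": None})
    for line in text.splitlines():
        m = FRAG.search(line)
        if not m:
            continue  # STP frames, hex dump lines, ICMP errors: not fragments
        src, ip_id, size, off, more = m.groups()
        t = trains[(src, int(ip_id))]
        t["spans"].add((int(off), int(size)))  # the set drops exact duplicates
        if not more:  # the last fragment fixes the datagram's IP payload length
            t["total"] = int(off) + int(size)
    report = {}
    for key, t in trains.items():
        seen = sum(size for _, size in t["spans"])  # assumes fragments do not overlap
        report[key] = {"fragments": len(t["spans"]), "bytes_seen": seen,
                       "total": t["total"],
                       "complete": t["total"] is not None and seen == t["total"]}
    return report

def incomplete_per_source(report):
    """Count datagrams per sender that can never be reassembled from what arrived."""
    out = defaultdict(int)
    for (src, _), r in report.items():
        out[src] += 0 if r["complete"] else 1
    return dict(out)

if __name__ == "__main__":
    for key, r in fragment_trains(SAMPLE).items():
        print(key, r)
```

The final fragment `1368@63640` puts each echo request at 65008 bytes of IP payload, so one ping arrives as 44 fragments; any fragment lost on the way leaves the rest held until the reassembly timer expires, which is what the `ip reassembly time exceeded` replies in the trace show.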

