nanog mailing list archives

Re: Denial of service attacks apparently from UUNET Netblocks

From: Dan Foster <dsf () frontiernet net>
Date: Tue, 7 Oct 1997 07:01:34 -0400 (EDT)

Hot Diggety! Doug Davis was rumored to have said...

19:56:56.854432 snap 0:0:0:8:0 37.31.237.183.1900 > 206.66.14.112.57039: S 674719801:674719801(0) win 65535 (ttl 21, 
id 13333)
19:56:56.854432 snap 0:0:0:8:0 76.167.191.100.1900 > 206.66.14.112.57040: S 674719801:674719801(0) win 65535 (ttl 21, 
id 13334)
19:56:56.854432 snap 0:0:0:8:0 131.254.10.213.1900 > 206.66.14.112.57041: S 674719801:674719801(0) win 65535 (ttl 21, 
id 13335)
19:56:56.855409 snap 0:0:0:8:0 74.60.41.73.1900 > 206.66.14.112.57042: S 674719801:674719801(0) win 65535 (ttl 21, id 
13336)


Ouch...painful. A whole lot of SYNs with forged source address, eh? Hmm...
interesting. Karl, if I might ask - did your attack originate from any specific
port, like 1900 as is listed here?

I'm just curious since I'd like to get a rough idea if there's some program
other than smurf.c out there that makes use of a specific port by default,
or if this is just a one time occurence by a few separate idiots.

And as usual, thanks for the heads up from folks on NANOG.

-Dan Foster
Frontier Internet
Internet: dsf () frontiernet net

Current thread:

Re: Denial of service attacks apparently from UUNET Netblocks, (continued)
- - - Message not available
    - Re: Denial of service attacks apparently from UUNET Netblocks Jay R. Ashworth (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks John A. Tamplin (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Greg A. Woods (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks David Lesher (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks David Lesher (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Joe Shaw (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Brett Frankenberger (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Doug Davis (Oct 06)
  - Re: Denial of service attacks apparently from UUNET Netblocks Dan Foster (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Joe Shaw (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Barney Wolff (Oct 07)
  - Re: Denial of service attacks apparently from UUNET Netblocks Joe Shaw (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Sean Donelan (Oct 07)
  - Re: Denial of service attacks apparently from UUNET Netblocks Sharif Torpis (Oct 07)
    - Re: Denial of service attacks apparently from UUNET Netblocks Dale Drew (Oct 08)
  - Re: Denial of service attacks apparently from UUNET Netblocks Alex "Mr. Worf" Yuriev (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Sean Donelan (Oct 07)

(Thread continues...)