Snort mailing list archives
Re: [Emerging-Sigs] Attack from .jp IPs
From: Steve McChortle <steve.mcchortle () gmail com>
Date: Tue, 7 Dec 2010 10:16:03 -0600
So I did some research. Apparently if you downloaded the Snort source and compiled from scratch there should be a file called sleeping_giant.conf. Have you tried running this:

USA@Pwnamamoto:/root/suckit/# snort -c /etc/snort/sleeping_giant.conf

Make sure you are in IPS mode so it will block. Hope this helps.

Steve

On Tue, Dec 7, 2010 at 9:39 AM, Mike Cox <mike.cox52 () gmail com> wrote:

I am also seeing increased traffic from APNIC. My data carriers are getting torpedoed and sunk pretty bad. Can't resolve anything here right now....

-Mike Cox

On Tue, Dec 7, 2010 at 9:36 AM, evilghost () packetmail net <evilghost () packetmail net> wrote:

A few of them were resolving for me here locally but as localhost? I suspect some of these FQDNs may be sinkholed? I was pointed to roothints. They no longer appear resolvable?

-evilghost

On 12/07/10 09:28, Matt Olney wrote:

Do you have the original IPs? Can't resolve any of those.

Matt

On Tue, Dec 7, 2010 at 10:18 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com> wrote:

Hello, almost exactly at 7:41 AM this morning multiple servers in my enterprise are under attack by DDoS with TCP Zeroes-window size destined to port 1941 and 1207, the hosts appear to resolve PTR as hideki.tojo.jp, isoroku.yamamoto.jp, tomoyuki.yamashita.jp, and more. Is anyone else seeing this? Thanks.

-L0rd C.

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
Current thread:
- Attack from .jp IPs L0rd Ch0de1m0rt (Dec 07)
- Re: [Emerging-Sigs] Attack from .jp IPs Jason Wallace (Dec 07)
- Re: [Emerging-Sigs] Attack from .jp IPs Sandro guly Zaccarini (Dec 07)
- Re: Attack from .jp IPs Matt Olney (Dec 07)
- Message not available
- Re: [Emerging-Sigs] Attack from .jp IPs Mike Cox (Dec 07)
- Re: [Emerging-Sigs] Attack from .jp IPs Steve McChortle (Dec 07)
- Message not available
- Re: [Emerging-Sigs] Attack from .jp IPs Jason Wallace (Dec 07)
- Re: Attack from .jp IPs Martin Roesch (Dec 07)
- Re: Attack from .jp IPs Giles Coochey (Dec 07)
- Re: Attack from .jp IPs Jamie Riden (Dec 07)
- Re: [Emerging-Sigs] Attack from .jp IPs Josh Little (Dec 07)
- Re: [Emerging-Sigs] Attack from .jp IPs Joel Esler (Dec 07)
- Re: [Emerging-Sigs] Attack from .jp IPs evilghost () packetmail net (Dec 07)
- Re: [Emerging-Sigs] Attack from .jp IPs Tom Le (Dec 07)
- Re: [Emerging-Sigs] Attack from .jp IPs Jamie Riden (Dec 08)