We have seen this many times from this ISP (sometimes different IP numbers but
same network and exploit).

Rainer Weikusat <weikusatMAIL.UNI-MAINZ.DE> on 01/28/2001 08:00:28 AM

Please respond to Rainer Weikusat <weikusatMAIL.UNI-MAINZ.DE>

 To: INCIDENTSSECURITYFOCUS.COM

 cc: (bcc: Bill Royds/HullOttawa/PCH/CA)

 Subject: 62.158.159.87 syn-flooding

I wonder if this is a global scale idiot or if whe
somehow annoyed him. fwiw

Jan 28 12:44:29 karfinux kernel: Packet log: tcp_in REJECT eth0 PROTO=6
62.158.159.87:1488 134.93.42.1:20 L=48 S=0x00 I=62824 F=0x4000 T=113 SYN (#6)
Jan 28 12:44:29 karfinux in.ftpd[6714]: connect from 62.158.159.87
Jan 28 12:44:29 karfinux ftpd[6714]: connection from p3E9E9F57.dip.t-dialin.net
Jan 28 12:44:29 karfinux sshd[298]: debug: Forked child 6715.
Jan 28 12:44:29 karfinux sshd[6715]: connect from 62.158.159.87
Jan 28 12:44:29 karfinux sshd[6715]: log: Connection from 62.158.159.87 port
1490
Jan 28 12:44:29 karfinux kernel: Packet log: tcp_in REJECT eth0 PROTO=6
62.158.159.87:1491 134.93.42.1:23 L=48 S=0x00 I=64616 F=0x4000 T=113 SYN (#6)

[continuuos, incl ftpd-DoS ('looping')]

Jan 28 13:48:28 karfinux kernel: Packet log: input DENY eth0 PROTO=6
62.158.159.87:4886 134.93.42.1:22 L=48 S=0x00 I=5888 F=0x4000 T=113 SYN (#1)
Jan 28 13:48:28 karfinux kernel: Packet log: input DENY eth0 PROTO=6
62.158.159.87:4892 134.93.42.1:22 L=48 S=0x00 I=6144 F=0x4000 T=113 SYN (#1)
Jan 28 13:48:28 karfinux kernel: Packet log: input DENY eth0 PROTO=6
62.158.159.87:4876 134.93.42.1:22 L=48 S=0x00 I=6400 F=0x4000 T=113 SYN (#1)
Jan 28 13:48:28 karfinux kernel: Packet log: input DENY eth0 PROTO=6
62.158.159.87:4895 134.93.42.1:22 L=48 S=0x00 I=6656 F=0x4000 T=113 SYN (#1)
Jan 28 13:48:28 karfinux kernel: Packet log: input DENY eth0 PROTO=6
62.158.159.87:4885 134.93.42.1:22 L=48 S=0x00 I=6912 F=0x4000 T=113 SYN (#1)
Jan 2

--
SIGSTOP

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]