Re: the attack continues..

• From: Jay Hennigan
• Date: Sat Oct 18 11:24:35 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

Hello Lists,

    I'm still getting attacked and most of the IP's i got have been
reported. and just this morning it looks as if someone is testing my
network. and sending out short TCP_SESSION requests. now i may be
paranoid but this past few days have been hell.. just want to know if
the folks from these ip's can help me out.

Attacker IP,Attacker Port,Victim IP,Victim Port,Attack Type,Start
Time,Extra Info
205.188.116.7,47198,200.0.179.73,80,TCP_SESSION,2008-10-18
14:20:48,Filtered IP: Dropped packets: 3 Dropped bytes: 156
205.188.117.134,45379,200.0.179.73,80,TCP_SESSION,2008-10-18
14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0
205.188.117.137,42257,200.0.179.73,80,TCP_SESSION,2008-10-18
14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0
75.105.128.38,4092,200.0.179.73,80,TCP_SESSION,2008-10-18
14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0

First 3 IP's come from AOL, I'll try to see if I can get their attention.

Last IP is from a Wildblue Communications WBC-39.

--
Jay Hennigan - CCIE #7880 - Network Engineering - [email protected]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

• Follow-Ups:
  • RE: the attack continues.. Frank Bulk

• References:
  • the attack continues.. Beavis

• Prev by Date: the attack continues..
• Next by Date: RE: the attack continues..
• Date Index
• Thread Index
• Author Index
• Historical