It looks like the attacker is just spamming connect/disconnect to any port
he can get his hands on.

  TCP    C18492-111562:epmap    pool-96-250-36-94.nycmny.fios.verizon.net:44654    ESTABLISHED
  TCP    C18492-111562:1035     pool-96-250-36-94.nycmny.fios.verizon.net:44649    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:44992    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:45231    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:43844    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:43845    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:43847    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:43852    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:43853    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:43860    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:43863    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:43866    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:43868    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:43871    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:44992    ESTABLISHED
  TCP    C18492-111562:27015    pool-96-250-36-94.nycmny.fios.verizon.net:45231    ESTABLISHED

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma
Sent: Monday, April 21, 2008 4:29 PM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: [hlds] Under attack again

I'm under attack again. The people attacking are now trying to attack my FTP
server as well (so I have some IPs). I've also got some .cap files from
Microsoft Network Monitor. I'm looking for other monitor tools right now.

(003205) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003205) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003205) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > disconnected.
(003206) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003206) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003206) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > disconnected.
(003207) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003207) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003207) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > disconnected.
(003208) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003208) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003208) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > disconnected.
(003209) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003209) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003209) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > disconnected.
(003210) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003210) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003210) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > disconnected.
(003211) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003211) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003211) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > disconnected.
(003212) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003212) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003212) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > disconnected.
(003213) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003213) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003213) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > disconnected.
(003214) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003214) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003214) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > disconnected.
(003215) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003215) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003215) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > disconnected.
(003216) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003216) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003216) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > disconnected.
(003217) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003217) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003217) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > disconnected.
(003218) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected to ip : 74.54.24.200
(003218) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connection failed : IP is blocked for 3600 second(s).
(003218) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > disconnected.

Name:    pool-96-250-36-94.nycmny.fios.verizon.net
Address:  96.250.36.94

Here's the fun part. It turns out that same IP has been used on my game
server.

SELECT * FROM `connectlog` WHERE `ip` = '96.250.36.94'
Turns up results:
N3m3sis STEAM_0:1:2002203
He was a player on my 24/7 2fort server.


_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
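
Added example, not part of either message: one way to measure the connect flood visible in the FTP log above is to count `connected` events per source IP inside a sliding time window. The function names, threshold, window size and sample addresses are assumptions; the sample lines are constructed in the same layout, with each entry on one line.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Layout of the FTP server log quoted above, with each entry on one line:
# (session) date time AM/PM - (user) (source ip) > event text
LINE_RE = re.compile(
    r"^\((\d+)\)\s+(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+-\s+"
    r"\(([^)]*)\)\s+\(([0-9.]+)\)\s*>\s*(.*)$"
)

def parse(line):
    """Return (timestamp, source_ip, event) or None for unrecognised lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%m/%d/%Y %I:%M:%S %p")
    return ts, m.group(4), m.group(5)

def peak_connect_rates(lines, window_seconds=5):
    """Map each source IP to its highest count of 'connected' events
    inside any sliding window; assumes the log is in time order."""
    window = timedelta(seconds=window_seconds)
    recent, peak = defaultdict(deque), defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None or not rec[2].startswith("connected"):
            continue  # skip 'connection failed' and 'disconnected' entries
        ts, ip, _ = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop events that fell out of the window
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)

def flood_sources(lines, threshold=10, window_seconds=5):
    """Source IPs whose peak connect rate reaches the threshold."""
    rates = peak_connect_rates(lines, window_seconds)
    return sorted(ip for ip, n in rates.items() if n >= threshold)

# Constructed sample: documentation-range addresses, not the hosts in the thread.
SAMPLE_LOG = [
    f"({3205 + i:06d}) 4/21/2008 6:26:{26 + i // 6:02d} PM - (not logged in) "
    f"(203.0.113.7) > {event}"
    for i in range(12)
    for event in ("connected to ip : 192.0.2.10",
                  "connection failed : IP is blocked for 3600 second(s).",
                  "disconnected.")
] + ["(003300) 4/21/2008 6:30:02 PM - (not logged in) (198.51.100.20) > connected to ip : 192.0.2.10"]

if __name__ == "__main__":
    print(peak_connect_rates(SAMPLE_LOG), flood_sources(SAMPLE_LOG))
```

The list returned by `flood_sources` can then be looked up in a player connection table, as the `connectlog` query in the message does for a single address.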

