Eu ce am prins am blocat pe ruterul de la intrare, insa fiindca veneau si se duceau spre mai multe ip-uri din aceleasi clase am dat drop la toata clasa. Cam astea ar fi:
192.172.9.0/24 192.172.136.0/24 192.172.129.0/24 80.176.230.147 192.172.0.0/24 96.249.26.26 23:03:25.706885 video.lglink.ro.3752 > 96.249.29.125.135: S 3125662914:3125662914(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) 23:03:25.707082 video.lglink.ro.3753 > 96.249.29.126.135: S 3125716551:3125716551(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) 23:03:25.707252 video.lglink.ro.3754 > 96.249.29.127.135: S 3125780121:3125780121(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) 23:03:25.707414 video.lglink.ro.3755 > 96.249.29.128.135: S 3125842034:3125842034(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) 23:03:25.707577 video.lglink.ro.3756 > 96.249.29.129.135: S 3125875056:3125875056(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) 23:03:25.707739 video.lglink.ro.3757 > 96.249.29.130.135: S 3125940194:3125940194(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) 23:03:25.707901 video.lglink.ro.3758 > 96.249.29.131.135: S 3125984694:3125984694(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) 23:03:25.708078 video.lglink.ro.3759 > 96.249.29.132.135: S 3126046236:3126046236(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) 23:03:25.708240 video.lglink.ro.3760 > 96.249.29.133.135: S 3126086765:3126086765(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) 23:03:25.708400 video.lglink.ro.3761 > 96.249.29.134.135: S 3126129477:3126129477(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.014729 192.168.254.24.4518 > 196.157.116.73.135: S 2643968337:2643968337(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.014800 192.168.254.24.4519 > 196.157.116.74.135: S 2644023850:2644023850(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.014860 192.168.254.24.4520 > 196.157.116.75.135: S 2644066287:2644066287(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.014921 192.168.254.24.4521 > 196.157.116.76.135: S 2644101617:2644101617(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.015006 192.168.254.24.4522 > 196.157.116.77.135: S 2644147553:2644147553(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.015073 192.168.254.24.4523 > 196.157.116.78.135: S 2644199752:2644199752(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.015132 192.168.254.24.4524 > 196.157.116.79.135: S 2644232930:2644232930(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.015194 192.168.254.24.4525 > 196.157.116.80.135: S 2644297221:2644297221(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.015257 192.168.254.24.4526 > 196.157.116.81.135: S 2644344730:2644344730(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.015320 192.168.254.24.4527 > 196.157.116.82.135: S 2644383747:2644383747(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) 23:04:40.015384 192.168.254.24.4528 > 196.157.116.83.135: S 2644446166:2644446166(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) lglink.ro e un domeniu din burta pus... il folosesc pt. reteaua locala... Alex ----- Original Message ----- From: "Liste" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, November 08, 2003 10:49 PM Subject: [rlug] Re: Pachete Syn de 48bytes > Sunt cumva pachete dintr-un DRDOS? > Poti sa imi spui ce adresa sursa au (spoof evident), win-ul si TTL-ul? > > Marius > > ----- Original Message ----- > From: "Alex" <[EMAIL PROTECTED]> > To: "RLUG" <[EMAIL PROTECTED]> > Sent: Saturday, November 08, 2003 10:46 PM > Subject: [rlug] Pachete Syn de 48bytes > > > > Are cineva idee ce si cum e cu pachetele astea de 48bytes SYN... Ceva > > asemanator numai ca de o alta marime vedeam cind se apucau niste draci de > > 14-16 ani de scanat cu o timpenie de soft. Toti se cred hackeri..mama lor > de > > draci ....... > > > > Vreo idee? > > > > Alex > > > > > > > > --- > > Detalii despre listele noastre de mail: http://www.lug.ro/ > > > > > > > --- > Detalii despre listele noastre de mail: http://www.lug.ro/ > > > --- Detalii despre listele noastre de mail: http://www.lug.ro/
