ack on that,
we've seen the same source.. same time..
20500 4 240 (T 4935, slot 147) <-> tcp, 212.224.127.14 41215<-> 213.200.x.x
80
20500 9 540 (T 3325, slot 147) <-> tcp, 212.224.127.14 14591<-> 213.200.x.x
80
20500 9 540 (T 2898, slot 147) <-> tcp, 212.224.127.14 39167<-> 213.200.x.x
80
20500
Schenkel Martin schrieb:
Well, the only good solution to this ugly attack is to do what Goetz
suggested; As an ISP inbound filter the offending IP address. This is
what we did several hours ago and all is fine since then.
BTW AS44066 which propagates the offending IP address claims spoofing.
Hello
I would be much better to fight the root cause and force every isp in
the world to block forged packets. For example with unified reverse path
checks facing the customers. Ok, I'm just kidding ...
Unfortunately there is no direct benefit for the implementing isp's
because it helps all other
Well, the only good solution to this ugly attack is to do what Goetz suggested;
As an ISP inbound filter the offending IP address. This is what we did several
hours ago and all is fine since then.
Firewalls of all type of models have/had issues with this attack. On some you
might be able to t
re,
On Fri, 2008-04-11 at 15:16 +0200, Erich Hohermuth wrote:
> We also have a few customers complaining about connection troubles, most
> of them have a Zywal. After some netflow debugging we see many port 80
> syn connections which seems the cause of the troubles.
Thanks for the feedback Erich!
Our connection in our office is being pounded as well...
04/11/2008 16:26:45 Under SYN flood attack, sent TCP RST 212.224.127.14:3978
192.168.10.11:80 TCP RST
04/11/2008 16:26:44 Under SYN flood attack, sent TCP RST 212.224.127.14:11885
192.168.10.11:80 TCP RST
04/11/2008 16:26:42 Under SYN floo
Yep, same here... http://service.escapenet.ch/mrtg/escfwconn.html
Could someone at Init7 filter these for us? Thanks!
Regards,
Mike
--
Mike Kellenberger [EMAIL PROTECTED]
Escapenet - the Web Company Tel +41 52 235 0700
http://www.escapenet.ch
Hi all
We notice a heavy DoS attack of TCP SYN packets to port 80 since
yesterday 22:02 CEST directed against (random?) targets using a spoofed
src ip from Munich (don't call the owner, call your upstream ISP
and ask for proper filtering!). Lots of webservers and companies
are affected. Some stat
Hello
We also have a few customers complaining about connection troubles, most
of them have a Zywal. After some netflow debugging we see many port 80
syn connections which seems the cause of the troubles.
If someone needs a dump file, just send me a mail.
Kind Regards
Erich
Am Freitag,
Hello Olivier,
I have a similar setting to reach my box at home via an adsl from
Bluewin. No problem on my side.
Ruben
Olivier Mueller wrote:
Hello,
Still trying to reach the swisscom/bluewin support since 10 minutes (and
the robot keeps telling me "voraussichtliche warte zeit: 4-5 minuten"
Hello,
Still trying to reach the swisscom/bluewin support since 10 minutes (and
the robot keeps telling me "voraussichtliche warte zeit: 4-5 minuten"
all the time), so I guess it quicker if I ask here as well.
It's a simple problem: I manage a few intranet boxes (mail/webproxy)
connected to the
11 matches
Mail list logo