I know of at least one person that got hammered by a bigpond address over the weekend at about 20MB/h. I'm with the same ISP but my Linux gateway didn't get touched, surprisingly no scanning activity at all compared to normal.

John Morrissey wrote:

>OVER 3100 separate instances on Sunday night.
>
>I've had a number of customers who use Telstra ADSL at home reporting
>extreme levels of scanning over the weekend. See extracts of 3 messages
>from one customer below - he had 4 different IP addresses over the weekend.
>
>These are their home networks not commercial systems so they are all using
>Netgear firewall routers. I don't have any commercial ADSL installations &
>so don't have detailed logs - only security alerts from these routers
>(extract below). The "attacks" are just scans but the numbers are so high.
>As you probably know 20 per month is the norm for this sort of activity
>
>Has anyone else noticed this? If you have a production box managing ADSL
>can you have a look at your logs.
>
>Pigbond Support have been as helpful as ever telling customers to send an
>email to [EMAIL PROTECTED]
>
>Can anyone help confirm how widespread this activity has been your comments
>/ thoughts most welcome.
>
>Thanks
>John Morrissey
>
>
>Message #1
>Sent: Friday, August 23, 2002 8:50 PM
>Subject: paul v question - not urgent - [Fwd: NETGEAR *Security Alert*
>0af90d]
>
>>today I received all these attack notices through the DSL router, this
>>email being an example of the report the router sends me. In total there
>>were 71, all registered sequentially, but I notice that the origins are
>>different, e.g.:
>>
>>#  Time       Packet Information                       Reason      Action
>> 1|Aug 23 02 |From:209.179.244.86 To:144.137.99.190   |attack     |block
>>  | 13:54:17 |TCP src port:51692 dest port:06347      |ports scan |
>>End of Security Log
>>
>>#  Time       Packet Information                       Reason      Action
>> 1|Aug 23 02 |From:12.227.71.78 To:144.137.99.190     |attack     |block
>>  | 13:54:10 |TCP src port:03883 dest port:06347      |ports scan |
>>End of Security Log
>>
>>#  Time       Packet Information                       Reason      Action
>> 1|Aug 23 02 |From:172.144.131.53 To:144.137.99.190   |attack     |block
>>  | 13:54:08 |TCP src port:01793 dest port:06347      |ports scan |
>>End of Security Log
>>
>>any clues on this? and what can i do to respond with a "f*<k off" or
>>does that just invite trouble?
>>
>>should i be at all concerned about this bout?
>>
>>paul
>
>Message #2 Sent Saturday At 10:45am
>
>thanks for the feedback.
>i would write the email as suggested but there were 71 attacks not just 3,
>and now as i write there have been another 800+: what the hell could be
>going on?
>
>
>Message #3 Sent Today, Monday Aug 26 at
>
>How about 3131 new attacks on sunday night?
>If i had a POP email account, the defence alert emails would take a day to
>manage,
>
>If I reset my router and modem, since I have a dynamic IP address, would
>this at least have a chance of getting rid of the attacks to the existing
>address

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
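
Added example (not part of the original thread and not NETGEAR's code): a small Python parser for the two-row alert layout quoted above, which tallies alerts by source address and destination port so a mailbox full of these notices can be summarised in one pass. The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import re
from collections import Counter

# Strip mail quoting ("> ", ">> ") so forwarded alerts parse like raw ones.
QUOTE = re.compile(r"^[ \t]*>+[ \t]?", re.M)

# One alert spans two rows: date and addresses, then time and ports.
RECORD = re.compile(
    r"\|\s*(?P<date>[A-Z][a-z]{2} \d{1,2} \d{2})\s*\|"
    r"From:(?P<src>[\d.]+)\s+To:(?P<dst>[\d.]+)\s*\|"
    r"[^|]*\|[^|]*"  # reason and action cells of the first row
    r"\|\s*(?P<time>\d{2}:\d{2}:\d{2})\s*\|"
    r"(?P<proto>\w+) src port:(?P<sport>\d+) dest port:(?P<dport>\d+)"
)

def parse_alerts(text):
    """Return one dict per alert found in a (possibly quoted) mail body."""
    records = []
    for m in RECORD.finditer(QUOTE.sub("", text)):
        rec = m.groupdict()
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        records.append(rec)
    return records

def summarise(records):
    """Tally alerts so the shape of the traffic is visible at a glance."""
    ports = Counter((r["proto"], r["dport"]) for r in records)
    return {
        "total": len(records),
        "sources": len({r["src"] for r in records}),
        "targets": sorted({r["dst"] for r in records}),
        "by_port": ports.most_common(),
    }

# Constructed sample in the quoted alert layout (documentation addresses).
SAMPLE = """\
>># Time Packet Information Reason Action
>> 1|Aug 23 02 |From:198.51.100.7 To:192.0.2.10 |attack |block
>>  | 13:54:17 |TCP src port:51692 dest port:06347 |ports scan |
>>End of Security Log
>> 1|Aug 23 02 |From:203.0.113.5 To:192.0.2.10 |attack |block
>>  | 13:54:10 |TCP src port:03883 dest port:06347 |ports scan |
>> 1|Aug 23 02 |From:203.0.113.5 To:192.0.2.10 |attack |block
>>  | 13:55:02 |TCP src port:03884 dest port:00080 |ports scan |
"""

if __name__ == "__main__":
    print(summarise(parse_alerts(SAMPLE)))
```

Many distinct sources against a single destination port reads differently from one source walking many ports, and the by_port and sources counts make that distinction visible before anyone writes to an abuse desk.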
