Re: [swinog] fw change on bluewin adsl accounts today?

Fri, 11 Apr 2008 06:57:23 -0700 

Hi all

We notice a heavy DoS attack of TCP SYN packets to port 80 since
yesterday 22:02 CEST directed against (random?) targets using a spoofed
src ip from Munich (don't call the owner, call your upstream ISP
and ask for proper filtering!). Lots of webservers and companies
are affected. Some statistics can be found here:

  http://www.dshield.org/ipinfo.html?ip=212.224.127.14
  http://stats.fp6-noah.org/top.php

With kind regards
Goetz von Escher

On 11.04.2008 15:16, Erich Hohermuth wrote:

Hello

We also have a few customers complaining about connection troubles, most
of them have a Zywal. After some netflow debugging we see many port 80
syn connections which seems the cause of the troubles.
If someone needs a dump file, just send me a mail. 
Kind Regards
        Erich

Am Freitag, den 11.04.2008, 14:27 +0200 schrieb Olivier Mueller:

Hello,

Still trying to reach the swisscom/bluewin support since 10 minutes (and
the robot keeps telling me "voraussichtliche warte zeit: 4-5 minuten"
all the time), so I guess it quicker if I ask here as well. 
It's a simple problem:  I manage a few intranet boxes (mail/webproxy)
connected to the net via standard bluewin adsl lines.  Everything was
fine the last years until today.  Remote access via ssh (NAT on the
router). 
Since today: no way to connect any of the hosts (about 5) :  ports for
ssh and http seems to be closed, while some of the IP are still
pingable. 
Maybe somebody around knows about this thing?  For example: maybe they
activated a firewall this night on all customers lines to prevent
virus/worms problems?   (I don't have a bluewin line myself, so it's
hard to debug remotely) .

Regards & a nice Weekend/Sechseläuten to you,
Olivier

PS: in the mean time, the hotline answered and they know nothing about
that, but they are going to check internally and call back later...

_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Antwort per Email an