ack on that,
we've seen the same source.. same time.. 

20500 4 240 (T 4935, slot 147) <-> tcp, 212.224.127.14 41215<-> 213.200.x.x 80
20500 9 540 (T 3325, slot 147) <-> tcp, 212.224.127.14 14591<-> 213.200.x.x 80
20500 9 540 (T 2898, slot 147) <-> tcp, 212.224.127.14 39167<-> 213.200.x.x 80
20500 9 540 (T 3028, slot 148) <-> tcp, 212.224.127.14 55544<-> 213.200.x.x 80
20500 4 240 (T 5150, slot 149) <-> tcp, 212.224.127.14 44281<-> 213.200.x.x 80

-steven

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Goetz von Escher
> Sent: Friday, April 11, 2008 3:56 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [swinog] fw change on bluewin adsl accounts today?
> 
> Hi all
> 
> We notice a heavy DoS attack of TCP SYN packets to port 80 
> since yesterday 22:02 CEST directed against (random?) targets 
> using a spoofed src ip from Munich (don't call the owner, 
> call your upstream ISP and ask for proper filtering!). Lots 
> of webservers and companies are affected. Some statistics can 
> be found here:
> 
>    http://www.dshield.org/ipinfo.html?ip=212.224.127.14
>    http://stats.fp6-noah.org/top.php
> 
> With kind regards
> Goetz von Escher
> 
> On 11.04.2008 15:16, Erich Hohermuth wrote:
> > Hello
> > 
> > We also have a few customers complaining about connection troubles, 
> > most of them have a ZyWALL. After some netflow debugging we see many 
> > port 80 SYN connections, which seem to be the cause of the troubles.
> > 
> > If someone needs a dump file, just send me a mail. 
> > 
> > Kind Regards
> >     Erich
> > 
> > On Friday, 11.04.2008, 14:27 +0200, Olivier Mueller wrote:
> >> Hello,
> >>
> >> Still trying to reach the swisscom/bluewin support for 10 minutes
> >> (and the robot keeps telling me "voraussichtliche warte zeit: 4-5
> >> minuten" all the time), so I guess it's quicker if I ask here as well.
> >>
> >> It's a simple problem:  I manage a few intranet boxes (mail/webproxy)
> >> connected to the net via standard bluewin adsl lines.  Everything was
> >> fine the last years until today.  Remote access via ssh (NAT on the
> >> router).
> >>
> >> Since today: no way to connect to any of the hosts (about 5):  ports
> >> for ssh and http seem to be closed, while some of the IPs are still
> >> pingable.
> >>
> >> Maybe somebody around knows about this thing?  For example: maybe
> >> they activated a firewall this night on all customers' lines to prevent
> >> virus/worms problems?   (I don't have a bluewin line myself, so it's
> >> hard to debug remotely).
> >>
> >> Regards & a nice Weekend/Sechseläuten to you, Olivier
> >>
> >> PS: in the mean time, the hotline answered and they know nothing
> >> about that, but they are going to check internally and call back later...
> >>
> >> _______________________________________________
> >> swinog mailing list
> >> [email protected]
> >> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
