"...delays incoming connections for as long as possible." http://en.wikipedia.org/wiki/Tarpit_%28networking%29
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Oct 11, 2010 at 10:35 AM, Kurt Fankhauser <[email protected]> wrote: > Ok I was just looking at my firewall rules. I have a rule that was > instead of “dropping” blacklisted IP’s it was “tarpitting” them. Do you > think the tarpit may have been the problem? I changed that rule to drop > instead and havn’t had the problem since. > > > > Kurt Fankhauser > > WAVELINC > > P.O. Box 126 > > Bucyrus, OH 44820 > > 419-562-6405 > > > > > ------------------------------ > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *RickG > *Sent:* Saturday, October 09, 2010 6:13 PM > > *To:* WISPA General List > *Subject:* Re: [WISPA] port 5060 relaying attack? > > > > Packet sniffer works better for this. > > On Sat, Oct 9, 2010 at 5:45 PM, Gustavo Santos <[email protected]> > wrote: > > Try using mikrotik´s TORCH on your wan interface to see exectly what´s > going on. > > 2010/10/8 Kurt Fankhauser <[email protected]> > > I think its starting from outsite > > > > Kurt Fankhauser > > WAVELINC > > P.O. Box 126 > > Bucyrus, OH 44820 > > 419-562-6405 > > > > > ------------------------------ > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Cameron Crum > *Sent:* Friday, October 08, 2010 3:09 PM > *To:* WISPA General List > *Subject:* Re: [WISPA] port 5060 relaying attack? > > > > Can't you look at the inside of your network to see which ip is generating > the traffic? O Ris it originating off your network? > > On Thu, Oct 7, 2010 at 11:17 PM, RickG <[email protected]> wrote: > > I had that same EXACT thing happen to me about a month ago. Sniffed it out > (with the help from the list) and blocked the ip. Yes, I'm on TW fiber. > -RickG > > On Thu, Oct 7, 2010 at 4:22 PM, Kurt Fankhauser <[email protected]> wrote: > > I never have had this happen for 6 years until I got my new fiber line > installed form Time Warner. Apparently a few times a day somone starts a > relay of SIP connections (or so it appears) through my fiber connection. It > maxes out the download and upload of my 30/30 meg fiber and has about > 30k-50k packets-per-second coming in and going right back out at the same > time it maxes out the RB1000 CPU usage. Most of the time the problem only > last for a few minutes but earlier today it lasted for over an hour. I have > attached a few screenshots from Winbox during the attack. The 98.102.246.252 > address is the address that all my NAT customers are being SRCNAT'ed to. > Does anyone have a dynamic firewall rule handy that would stop this? I can't > seem to find the IP address it is coming from because my core router's IP's > are the ones showing up in the fire wall connections. Possibly be-ing > spoofed I presume. > > > > -Kurt Fankhauser > > WAVELINC > > P.O. Box 126 > > Bucyrus, OH 44820 > > www.wavelinc.com > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > -- > Gustavo Santos > Analista de Redes > -Tecnólogo em Redes de Computadores > -Pós Graduando em Redes de Computadores e Telecomunicações > -Cisco Certified Network Associate > -Juniper Certified Internet Associate - ER > -Mikrotik Certified Consultant > > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ >
-------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
