Was hoping you'd chime in Josh :)

On Mon, Oct 11, 2010 at 10:37 AM, Josh Luthman <[email protected]> wrote:
> "...delays incoming connections for as long as possible."
>
> http://en.wikipedia.org/wiki/Tarpit_%28networking%29
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Mon, Oct 11, 2010 at 10:35 AM, Kurt Fankhauser <[email protected]> wrote:
>
>> Ok I was just looking at my firewall rules. I have a rule that was
>> instead of “dropping” blacklisted IPs it was “tarpitting” them. Do you
>> think the tarpit may have been the problem? I changed that rule to drop
>> instead and haven’t had the problem since.
>>
>> Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> 419-562-6405
>>
>> ------------------------------
>>
>> *From:* [email protected] [mailto:[email protected]] *On
>> Behalf Of *RickG
>> *Sent:* Saturday, October 09, 2010 6:13 PM
>> *To:* WISPA General List
>> *Subject:* Re: [WISPA] port 5060 relaying attack?
>>
>> Packet sniffer works better for this.
>>
>> On Sat, Oct 9, 2010 at 5:45 PM, Gustavo Santos <[email protected]>
>> wrote:
>>
>> Try using MikroTik's TORCH on your WAN interface to see exactly what's
>> going on.
>>
>> 2010/10/8 Kurt Fankhauser <[email protected]>
>>
>> I think it's starting from outside
>>
>> Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> 419-562-6405
>>
>> ------------------------------
>>
>> *From:* [email protected] [mailto:[email protected]] *On
>> Behalf Of *Cameron Crum
>> *Sent:* Friday, October 08, 2010 3:09 PM
>> *To:* WISPA General List
>> *Subject:* Re: [WISPA] port 5060 relaying attack?
>>
>> Can't you look at the inside of your network to see which IP is generating
>> the traffic? Or is it originating off your network?
>>
>> On Thu, Oct 7, 2010 at 11:17 PM, RickG <[email protected]> wrote:
>>
>> I had that same EXACT thing happen to me about a month ago. Sniffed it out
>> (with the help from the list) and blocked the IP. Yes, I'm on TW fiber.
>> -RickG
>>
>> On Thu, Oct 7, 2010 at 4:22 PM, Kurt Fankhauser <[email protected]>
>> wrote:
>>
>> I never have had this happen for 6 years until I got my new fiber line
>> installed from Time Warner. Apparently a few times a day someone starts a
>> relay of SIP connections (or so it appears) through my fiber connection. It
>> maxes out the download and upload of my 30/30 meg fiber and has about
>> 30k-50k packets-per-second coming in and going right back out at the same
>> time it maxes out the RB1000 CPU usage. Most of the time the problem only
>> lasts for a few minutes but earlier today it lasted for over an hour. I have
>> attached a few screenshots from Winbox during the attack. The 98.102.246.252
>> address is the address that all my NAT customers are being SRCNAT'ed to.
>> Does anyone have a dynamic firewall rule handy that would stop this? I can't
>> seem to find the IP address it is coming from because my core router's IPs
>> are the ones showing up in the firewall connections. Possibly being
>> spoofed I presume.
>>
>> -Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> www.wavelinc.com
>>
>> --------------------------------------------------------------------------------
>> WISPA Wants You! Join today!
>> http://signup.wispa.org/
>> --------------------------------------------------------------------------------
>>
>> WISPA Wireless List: [email protected]
>>
>> Subscribe/Unsubscribe:
>> http://lists.wispa.org/mailman/listinfo/wireless
>>
>> Archives: http://lists.wispa.org/pipermail/wireless/
>>
>> --
>> Gustavo Santos
>> Network Analyst
>> -Technologist in Computer Networks
>> -Postgraduate student in Computer Networks and Telecommunications
>> -Cisco Certified Network Associate
>> -Juniper Certified Internet Associate - ER
>> -Mikrotik Certified Consultant
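Added example, not part of the original thread: the thread's advice is to capture traffic (Torch or a packet sniffer) and work out which address is generating the port 5060 load and whether it sits inside or outside the network. The sketch below does that aggregation over capture rows; the row format, the `10.0.0.0/8` customer range and all sample addresses are constructed assumptions.

```python
import ipaddress
from collections import Counter

SIP_PORT = 5060
# Assumption: address space handed to customers (constructed for this example).
INSIDE_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def build_sample():
    """Constructed capture rows: (second, src_ip, dst_ip, dst_port)."""
    rows = [(t, "10.1.2.3", "203.0.113.10", SIP_PORT) for t in range(10)]  # one phone
    for t in range(2, 7):  # burst from one outside host toward the WAN address
        rows += [(t, "198.51.100.7", "192.0.2.1", SIP_PORT)] * 400
    rows.append((3, "10.1.2.4", "203.0.113.20", 443))  # unrelated traffic
    return rows

def is_inside(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INSIDE_NETS)

def peak_total_pps(rows):
    """Highest packets-per-second on port 5060 across all sources."""
    per_second = Counter(int(ts) for ts, _, _, dport in rows if dport == SIP_PORT)
    return max(per_second.values(), default=0)

def sip_top_talkers(rows, pps_threshold):
    """Sources whose peak per-second count on port 5060 exceeds the threshold.

    Returns (src, peak_pps, 'inside' | 'outside') tuples, busiest first.
    """
    per_src_second = Counter()
    for ts, src, _, dport in rows:
        if dport == SIP_PORT:
            per_src_second[(src, int(ts))] += 1
    peak = {}
    for (src, _), count in per_src_second.items():
        peak[src] = max(peak.get(src, 0), count)
    flagged = [(src, n, "inside" if is_inside(src) else "outside")
               for src, n in peak.items() if n > pps_threshold]
    return sorted(flagged, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    sample = build_sample()
    print("peak total pps:", peak_total_pps(sample))
    for row in sip_top_talkers(sample, pps_threshold=100):
        print(row)
```

If the total rate is high but no single source crosses the threshold, the per-source view cannot name a sender, which is the case Kurt raises when he suspects spoofing.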
