Amen on both counts :)

On Mon, Oct 11, 2010 at 4:08 PM, Josh Luthman <[email protected]> wrote:

> I am being sneaky sneaky sir =)
>
> You can probably just drop all 5060/tcp input forever as I seriously doubt
> your Mikrotik is a SIP gateway.
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Mon, Oct 11, 2010 at 4:03 PM, RickG <[email protected]> wrote:
>
>> Was hoping you'd chime in Josh :)
>>
>> On Mon, Oct 11, 2010 at 10:37 AM, Josh Luthman <[email protected]> wrote:
>>
>>> "...delays incoming connections for as long as possible."
>>>
>>> http://en.wikipedia.org/wiki/Tarpit_%28networking%29
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Mon, Oct 11, 2010 at 10:35 AM, Kurt Fankhauser <[email protected]> wrote:
>>>
>>>> Ok I was just looking at my firewall rules. I have a rule that was
>>>> instead of “dropping” blacklisted IP’s it was “tarpitting” them. Do you
>>>> think the tarpit may have been the problem? I changed that rule to drop
>>>> instead and haven’t had the problem since.
>>>>
>>>> Kurt Fankhauser
>>>> WAVELINC
>>>> P.O. Box 126
>>>> Bucyrus, OH 44820
>>>> 419-562-6405
>>>>
>>>> ------------------------------
>>>>
>>>> *From:* [email protected] [mailto:[email protected]]
>>>> *On Behalf Of* RickG
>>>> *Sent:* Saturday, October 09, 2010 6:13 PM
>>>> *To:* WISPA General List
>>>> *Subject:* Re: [WISPA] port 5060 relaying attack?
>>>>
>>>> Packet sniffer works better for this.
>>>>
>>>> On Sat, Oct 9, 2010 at 5:45 PM, Gustavo Santos <[email protected]>
>>>> wrote:
>>>>
>>>> Try using Mikrotik's TORCH on your WAN interface to see exactly what's
>>>> going on.
>>>>
>>>> 2010/10/8 Kurt Fankhauser <[email protected]>
>>>>
>>>> I think it's starting from outside
>>>>
>>>> Kurt Fankhauser
>>>> WAVELINC
>>>> P.O. Box 126
>>>> Bucyrus, OH 44820
>>>> 419-562-6405
>>>>
>>>> ------------------------------
>>>>
>>>> *From:* [email protected] [mailto:[email protected]]
>>>> *On Behalf Of* Cameron Crum
>>>> *Sent:* Friday, October 08, 2010 3:09 PM
>>>> *To:* WISPA General List
>>>> *Subject:* Re: [WISPA] port 5060 relaying attack?
>>>>
>>>> Can't you look at the inside of your network to see which IP is
>>>> generating the traffic? Or is it originating off your network?
>>>>
>>>> On Thu, Oct 7, 2010 at 11:17 PM, RickG <[email protected]> wrote:
>>>>
>>>> I had that same EXACT thing happen to me about a month ago. Sniffed it
>>>> out (with the help from the list) and blocked the IP. Yes, I'm on TW fiber.
>>>> -RickG
>>>>
>>>> On Thu, Oct 7, 2010 at 4:22 PM, Kurt Fankhauser <[email protected]>
>>>> wrote:
>>>>
>>>> I never have had this happen for 6 years until I got my new fiber
>>>> line installed from Time Warner. Apparently a few times a day someone starts
>>>> a relay of SIP connections (or so it appears) through my fiber connection.
>>>> It maxes out the download and upload of my 30/30 meg fiber and has about
>>>> 30k-50k packets-per-second coming in and going right back out at the same
>>>> time it maxes out the RB1000 CPU usage. Most of the time the problem only
>>>> lasts for a few minutes but earlier today it lasted for over an hour. I have
>>>> attached a few screenshots from Winbox during the attack. The
>>>> 98.102.246.252 address is the address that all my NAT customers are being
>>>> SRCNAT'ed to. Does anyone have a dynamic firewall rule handy that would
>>>> stop this? I can't seem to find the IP address it is coming from because my
>>>> core router's IP's are the ones showing up in the firewall connections.
>>>> Possibly being spoofed I presume.
>>>>
>>>> -Kurt Fankhauser
>>>> WAVELINC
>>>> P.O. Box 126
>>>> Bucyrus, OH 44820
>>>> www.wavelinc.com
>>>>
>>>> --
>>>> Gustavo Santos
>>>> Network Analyst
>>>> -Technologist in Computer Networks
>>>> -Postgraduate Student in Computer Networks and Telecommunications
>>>> -Cisco Certified Network Associate
>>>> -Juniper Certified Internet Associate - ER
>>>> -Mikrotik Certified Consultant

--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------

WISPA Wireless List: [email protected]

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
