the attack continues..

Beavis pfunix at gmail.com
Sat Oct 18 09:35:34 CDT 2008


Hello Lists,

    I'm still getting attacked and most of the IP's i got have been
reported. and just this morning it looks as if someone is testing my
network. and sending out short TCP_SESSION requests. now i may be
paranoid but this past few days have been hell.. just want to know if
the folks from these ip's can help me out.

Attacker IP,Attacker Port,Victim IP,Victim Port,Attack Type,Start
Time,Extra Info
205.188.116.7,47198,200.0.179.73,80,TCP_SESSION,2008-10-18
14:20:48,Filtered IP: Dropped packets: 3 Dropped bytes: 156
205.188.117.134,45379,200.0.179.73,80,TCP_SESSION,2008-10-18
14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0
205.188.117.137,42257,200.0.179.73,80,TCP_SESSION,2008-10-18
14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0
75.105.128.38,4092,200.0.179.73,80,TCP_SESSION,2008-10-18
14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0

First 3 IP's come from AOL, I'll try to see if I can get their attention.

Last IP is from a Wildblue Communications WBC-39.

I wanted to see if it's possible to get a sample of the "bots" that
their using against me. I know... it's a long shot but any help will
be greatly appreciated.




thanks,
John Lopez




More information about the NANOG mailing list