Anyone know what kind of attack this is?

Tom Diehl tdiehl at rogueind.com
Fri Jan 7 07:04:14 UTC 2005


On Fri, 7 Jan 2005, Mike Klinke wrote:

> On Thursday 06 January 2005 22:55, Tom Diehl wrote:
> > Hi all,
> >
> > I am experiencing some kind of attack on one of my web servers. I
> > _think_ it might be a syn flood attack but I am not 100% sure.
> > Can someone have a look at the following log entries and try to
> > give me an idea what is going on here and the best way to
> > stop/minimize this?
> 
> 
> The only thing that I can see that might be related to the IP 
> address is:
> 
> league.ogn.com.au
> 
> and this is only a possible link as a search engine returned a 
> paragraph with this domain name in conjunction with 203.206.95.1.
> 
> ========================
> Oceanic League
> ... Q2 Servers: FFA --- 
> 203.206.95.1:27910 TDM -- 
> 203.206.95.1:27911 1v1 ---
> 203.206.95.1:27912 CTF --- 
> 203.206.95.1:27920 LOX --- 
> 203.206.95.1:27930 RA2 ...
> league.ogn.com.au/modules/news/article.php?storyid=63  
> =====================================================
> 
> Do you have any gamers behind your firewall?

Nope. This has been going on for about 15 hours now. It has changed
IP address blocks a couple of times. According to ipwhois they all
originate from .au. In the last hour it seems to have calmed down.
Blocking the IP addresses calms things down until they change to another
net block. I am hoping they will move on to somewhere else so I can drop the
blocks. I do not like blocking multiple /16's.

Regards,

Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com



