Anyone know what kind of attack this is?
Mike Klinke
lsomike at futzin.com
Fri Jan 7 16:39:01 UTC 2005
On Friday 07 January 2005 01:04, Tom Diehl wrote:
> > Do you have any gamers behind your firewall?
>
> Nope. This has been going on for about 15 hours now. It has
> changed ipaddress blocks a couple of times. according to ipwhois
> the all originate from .au. In the last hour it seems to have
> calmed down. Blocking the ip addresses calms things down until
> they change to another net block. I am hoping they will move on
> to somewhere else so I can drop the blocks. I do not like
> blocking multiple /16's
>
Have you determined which system initiates the very first packet
connection; i.e. your web server or the remote computer? If the
former, your web server may be compromised.
Are all the remote systems using the same ISP? If so, have you
spoken to them?
Do the other remote systems you've seen also seem to be associated
with on-line gaming?
Regards, Mike Klinke
More information about the fedora-list
mailing list