Denial of service

Karl Larsen k5di at zianet.com
Thu Oct 4 14:41:10 UTC 2007


Andy Green wrote:
> Somebody in the thread at some point said:
>
>   
>> So I turned off sshd but that didn't stop the problem. I am getting hit
>> several times a second by someone. I would sure like to at least know
>> the IP they are from.
>>     
>
> tcpdump -i eth0
>
> will give you an overview of what is happening on your network interface
> (change eth0 to whichever interface it actually is).
>
> If the DNS lookups are distracting, you can do
>
> tcpdump -i eth0 -n
>
> to just get IP addresses.  Paste a few lines of the results here if it
> didn't make any sense.
>
> -Andy
>
>
>
>   
Thanks Andy but this guy is a pro. Here is the printout:

08:36:54.556722 IP hpc-mirror.usc.edu.http > 192.168.0.2.36230: . 332880:334340(1460) ack 1 win 108
08:36:54.556773 IP 192.168.0.2.36230 > hpc-mirror.usc.edu.http: . ack 334340 win 4850
08:36:54.559933 IP ftp1.nacs.uci.edu.ftp > 192.168.0.2.51487: P 0:19(19) ack 1 win 1448 <nop,nop,timestamp 2065179405 11859719>
08:36:54.559998 IP 192.168.0.2.51487 > ftp1.nacs.uci.edu.ftp: . ack 19 win 92 <nop,nop,timestamp 11953292 2065179405,nop,nop,sack 1 {0:19}>
08:36:54.613139 IP hpc-mirror.usc.edu.http > 192.168.0.2.36230: . 334340:335800(1460) ack 1 win 108
08:36:54.613189 IP 192.168.0.2.36230 > hpc-mirror.usc.edu.http: . ack 335800 win 4895
08:36:54.669234 IP hpc-mirror.usc.edu.http > 192.168.0.2.36230: P 335800:337260(1460) ack 1 win 108
08:36:54.669286 IP 192.168.0.2.36230 > hpc-mirror.usc.edu.http: . ack 337260 win 4941

I am not sure what is being done, but it is being relayed by USC and others.

Karl


-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.
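
An added example, not part of the original message: a short Python script that tallies tcpdump text output per remote endpoint and direction, which is one way to answer the "which IP is it" question in the quoted thread. The names `summarize` and `split_endpoint`, the default local address, and the embedded sample (the capture lines from this message, rejoined onto single lines) are assumptions of the example.

```python
import re
from collections import Counter

# Sample input: the capture lines from the message above, one packet per line.
SAMPLE = """\
08:36:54.556722 IP hpc-mirror.usc.edu.http > 192.168.0.2.36230: . 332880:334340(1460) ack 1 win 108
08:36:54.556773 IP 192.168.0.2.36230 > hpc-mirror.usc.edu.http: . ack 334340 win 4850
08:36:54.559933 IP ftp1.nacs.uci.edu.ftp > 192.168.0.2.51487: P 0:19(19) ack 1 win 1448 <nop,nop,timestamp 2065179405 11859719>
08:36:54.559998 IP 192.168.0.2.51487 > ftp1.nacs.uci.edu.ftp: . ack 19 win 92 <nop,nop,timestamp 11953292 2065179405,nop,nop,sack 1 {0:19}>
08:36:54.613139 IP hpc-mirror.usc.edu.http > 192.168.0.2.36230: . 334340:335800(1460) ack 1 win 108
08:36:54.613189 IP 192.168.0.2.36230 > hpc-mirror.usc.edu.http: . ack 335800 win 4895
08:36:54.669234 IP hpc-mirror.usc.edu.http > 192.168.0.2.36230: P 335800:337260(1460) ack 1 win 108
08:36:54.669286 IP 192.168.0.2.36230 > hpc-mirror.usc.edu.http: . ack 337260 win 4941
"""

LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): (.*)$")
LENGTH = re.compile(r"\((\d+)\)")  # payload length, e.g. "(1460)"

def split_endpoint(endpoint):
    # tcpdump prints host.port; the port is whatever follows the last dot.
    host, _, port = endpoint.rpartition(".")
    return host, port

def summarize(text, local="192.168.0.2"):
    """Map (remote_host, remote_port) -> Counter with 'in', 'out', 'bytes_in'."""
    flows = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a one-line IP packet summary
        _, src, dst, rest = m.groups()
        (sh, sp), (dh, dp) = split_endpoint(src), split_endpoint(dst)
        if dh == local:
            key, direction = (sh, sp), "in"
        elif sh == local:
            key, direction = (dh, dp), "out"
        else:
            continue  # neither side is the local host
        stats = flows.setdefault(key, Counter())
        stats[direction] += 1
        length = LENGTH.search(rest)
        if direction == "in" and length:
            stats["bytes_in"] += int(length.group(1))
    return flows

if __name__ == "__main__":
    for (host, port), s in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["in"]):
        print(f"{host} port {port}: {s['in']} in, {s['out']} out, {s['bytes_in']} bytes in")
```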



