Re: help - can someone explain this to me?
From: limon@tuanis.elrioapts.com
Date: 10/26/01
- Previous message: None: "Re: Packet Sniffing in a Switched LAN"
- In reply to: Steven M Bloomfield: "help - can someone explain this to me?"
- Next in thread: Andrew Blevins: "RE: help - can someone explain this to me?"
Date: Fri, 26 Oct 2001 11:47:23 -0600 (CST)
From: <limon@tuanis.elrioapts.com>
To: Steven M Bloomfield <steven@root101.com>
Subject: Re: help - can someone explain this to me?
Message-ID: <Pine.LNX.4.21.0110261145330.29847-100000@cartago>

tcpdumps of the packets might help you in the analysis...also, running an
IDS like snort could give you insight into the *attacks*. the packets are
being denied by ipfw/ipchains, right?
-tuanis
On Thu, 25 Oct 2001, Steven M Bloomfield wrote:
> Hi,
> I'm webmaster of a large-ish website and yesterday the server went down.
> It is a Redhat 6.1 Linux server. All my ISP would do was press the 'reset'
> button - very kind of them (they are NT specialists).
> Inspecting my log files I found thousands of denied packets, all seem to be
> within a period of 6 hours.
> My question is, could such an attack disable my machine and crash it? Can
> anyone identify what sort of attack it was?
>
> Here's a summary below:
>
> Denied packets from modem-392.awesome.dialup.pol.co.uk (62.25.129.136).
> Port https (tcp,eth0,input): 5 packet(s).
> Total of 5 packet(s).
>
> Denied packets from 10.10.71.237.
> Port netbios-dgm (udp,eth1,input): 69 packet(s).
> Port netbios-ns (udp,eth1,input): 333 packet(s).
> Total of 402 packet(s).
>
> Denied packets from 10.10.0.4.
> Port netbios-dgm (udp,eth1,input): 496 packet(s).
> Port netbios-ns (udp,eth1,input): 2925 packet(s).
> Total of 3421 packet(s).
>
> Denied packets from userSg017.videon.wave.ca (204.112.48.37).
> Port 500 (udp,eth0,input): 6 packet(s).
> Total of 6 packet(s).
>
> Denied packets from 207.190.199.102.
> Port https (tcp,eth0,input): 11 packet(s).
> Total of 11 packet(s).
>
> Denied packets from 10.10.32.21.
> Port netbios-dgm (udp,eth1,input): 338 packet(s).
> Port netbios-ns (udp,eth1,input): 1742 packet(s).
> Total of 2080 packet(s).
>
> Denied packets from 172.17.0.18.
> Port 1434 (udp,eth1,input): 2 packet(s).
> Total of 2 packet(s).
>
> Denied packets from 10.10.1.37.
> Port netbios-dgm (udp,eth1,input): 496 packet(s).
> Port netbios-ns (udp,eth1,input): 2925 packet(s).
> Total of 3421 packet(s).
>
> Denied packets from 10.10.32.27.
> Port netbios-dgm (udp,eth1,input): 59 packet(s).
> Port netbios-ns (udp,eth1,input): 324 packet(s).
> Total of 383 packet(s).
>
> Denied packets from 10.10.32.28.
> Port netbios-dgm (udp,eth1,input): 107 packet(s).
> Port netbios-ns (udp,eth1,input): 513 packet(s).
> Total of 620 packet(s).
>
> Denied packets from 10.10.0.1.
> Port 0 (tcp,eth1,input): 3 packet(s).
> Total of 3 packet(s).
>
> Denied packets from 10.10.0.3.
> Port bootpc (udp,eth1,input): 19 packet(s).
> Port netbios-dgm (udp,eth1,input): 475 packet(s).
> Port netbios-ns (udp,eth1,input): 2259 packet(s).
> Total of 2753 packet(s).
>
>
> Thanks,
> Steve
>
>