anyone one else in the 206.125.175.x range experiencing DoS from 80.82.64.0-80.82.79.0 ip's ?
That's what she said!!
BryceBot: no
Oh, okay... I'm sorry. 'anyone one else in the 206.125.175.x range experiencing DoS from 80.82.64.0-80.82.79.0 ip's ?'
lol
forgotten: incoming rate of 10kbps on my server. doesn't seem like a dos (that's probably my ssh connection)
ant: I'm getting roughly 5,000 blocks per 10 minutes. All going to port 80. Before blocking it was bringing my apache service to its knees.
forgotten: not sure what you mean by blocks, but doesn't seem like much...
http://wmfb.co/txt/holyshit.txt
oh, is that a syn flood?
not sure, showing as normal TCP / port 80 traffic.
just massive constant web server requests when allowed to pass to the httpd, murders it.
if it's only syn's then it's a syn flood. if they actually send ack's then not
but when you actually see requests in the web server's log file then it's not a syn flood
ya i don't wanna try to test that lol
did you see entries in the log file before you filtered the packets?
some yes, that's how i discovered it
ok, then it is at least not only a syn flood anyway.
either somebody doesn't like you they mistyped the ip address..
*or
=/
That's what she said!!
forgotten: that is ecatel netblock
i recommend you drop all of it, at all times with no exceptions
it's a cybercrime isp pretty much..
hazardous: i blocked the /20 i could find 80.82.64.0/24 know of any other blocks?
forgotten: http://bgp.he.net/AS29073#_prefixes
.oO(aggregation? who needs aggregation?!)
staticsafe: thank you!! :)
forgotten: http://www.spamhaus.org/drop/ (maybe already used by up_the_irons or his upstreams)
I think forgotten was just asking to see if he was being targeted, or if that DoS'er was attacking the range.
ah yes, I misread "blocks" as "tips for blocking" :)
thx for the assist brycec :)
np
attack is still ongoing =/