| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
| Who | What | When |
|---|---|---|
| *** | dwarren has joined #arpnetworks
LT has joined #arpnetworks | [01:01] |
| dwarren has quit IRC (Quit: leaving)
dwarren has joined #arpnetworks dwarren has quit IRC (Client Quit) dwarren has joined #arpnetworks | [01:08] | |
| ........................................................................................ (idle for 7h18mn) | ||
| forgotten | anyone one else in the 206.125.175.x range experiencing DoS from 80.82.64.0-80.82.79.0 ip's ? | [08:29] |
| BryceBot | That's what she said!! | [08:29] |
| brycec | BryceBot: no | [08:29] |
| BryceBot | Oh, okay... I'm sorry. 'anyone one else in the 206.125.175.x range experiencing DoS from 80.82.64.0-80.82.79.0 ip's ?' | [08:29] |
| forgotten | lol | [08:31] |
| ant | forgotten: incoming rate of 10kbps on my server. doesn't seem like a dos
(that's probably my ssh connection) | [08:33] |
| forgotten | ant: im getting roughly 5,000 blocks per 10minutes. All going to port 80. Before blocking it was bringing my apache service to it's knees. | [08:37] |
| ant | forgotten: not sure what you mean by blocks, but doesn't seem like much... | [08:38] |
| forgotten | http://wmfb.co/txt/holyshit.txt | [08:39] |
| ant | oh, is that a syn flood? | [08:40] |
| forgotten | not sure, showing as normal TCP / port 80 traffic. just massive constant web server requests
when allowed to pass to the httpd, murders it. | [08:40] |
| ant | if it's only syn's then it's a syn flood. if they actually send ack's then not
but when you actually see requests in the web server's log file then it's not a syn flood | [08:41] |
| forgotten | ya i dont wanna try to test that lol | [08:44] |
| ant | did you see entries in the log file before you filtered the packets? | [08:46] |
| forgotten | some yes, thats how i discovered it | [08:52] |
| ant | ok, then it is at least not only a syn flood
anyway. either somebody doesn't like you they mistyped the ip address.. *or | [08:53] |
| forgotten | =/ | [08:55] |
| ....... (idle for 30mn) | ||
| *** | LT has quit IRC (Quit: Leaving) | [09:25] |
| ............ (idle for 58mn) | ||
| hazardous | That's what she said!!
forgotten: that is ecatel netblock i recommend you drop all of it, at all times with no exceptions it's a cybercrime isp pretty much.. | [10:23] |
| forgotten | hazardous: i blocked the /20 i could find
80.82.64.0/24 know of any other blocks? | [10:29] |
| *** | dwarren has quit IRC (Quit: leaving) | [10:42] |
| ....... (idle for 30mn) | ||
| staticsafe | forgotten: http://bgp.he.net/AS29073#_prefixes | [11:12] |
| ant | .oO(aggregation? who needs aggregation?!) | [11:13] |
| forgotten | staticsafe: thank you!! :) | [11:16] |
| .......... (idle for 49mn) | ||
| *** | toddf has quit IRC (Remote host closed the connection)
toddf has joined #arpnetworks ChanServ sets mode: +o toddf | [12:05] |
| ................ (idle for 1h18mn) | ||
| staticsafe has quit IRC (Ping timeout: 260 seconds)
staticsafe has joined #arpnetworks | [13:23] | |
| ....................... (idle for 1h53mn) | ||
| dne | forgotten: http://www.spamhaus.org/drop/ (maybe already used by up_the_irons or his upstreams) | [15:18] |
| brycec | I think forgotten was just asking to see if he was being targeted, or if that DoS'er was attacking the range. | [15:21] |
| dne | ah yes, I misread "blocks" as "tips for blocking" :) | [15:22] |
| forgotten | thx for the assist brycec :) | [15:32] |
| brycec | np | [15:32] |
| forgotten | attack is still ongoing =/ | [15:32] |
| *** | dwarren has joined #arpnetworks
dwarren has quit IRC (Client Quit) dwarren has joined #arpnetworks | [15:39] |
| ..... (idle for 21mn) | ||
| carvite_ has quit IRC (Quit: leaving)
carvite_ has joined #arpnetworks carvite_ has quit IRC (Client Quit) carvite has quit IRC (Remote host closed the connection) carvite has joined #arpnetworks | [16:05] | |
| carvite has quit IRC (Remote host closed the connection)
carvite has joined #arpnetworks | [16:23] | |
| ......................... (idle for 2h3mn) | ||
| sga0_ has joined #arpnetworks
sga0 has quit IRC (Ping timeout: 258 seconds) | [18:27] | |
| ......................... (idle for 2h4mn) | ||
| dj_goku has quit IRC (Ping timeout: 246 seconds)
dj_goku has joined #arpnetworks dj_goku has quit IRC (Changing host) dj_goku has joined #arpnetworks | [20:31] | |
| ........................ (idle for 1h56mn) | ||
| awyeah has quit IRC (Ping timeout: 260 seconds)
awyeah has joined #arpnetworks | [22:31] | |
| .... (idle for 15mn) | ||
| toeshred has quit IRC (Ping timeout: 260 seconds) | [22:49] | |
| ............. (idle for 1h1mn) | ||
| toeshred has joined #arpnetworks | [23:50] | |
| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |