***: LT has joined #arpnetworks
dwarren has quit IRC (Quit: leaving)
dwarren has joined #arpnetworks
dwarren has quit IRC (Client Quit)
dwarren has joined #arpnetworks
forgotten: anyone one else in the 206.125.175.x range experiencing DoS from 80.82.64.0-80.82.79.0 ip's ?
BryceBot: That's what she said!!
brycec: BryceBot: no
BryceBot: Oh, okay... I'm sorry. 'anyone one else in the 206.125.175.x range experiencing DoS from 80.82.64.0-80.82.79.0 ip's ?'
forgotten: lol
ant: forgotten: incoming rate of 10kbps on my server. doesn't seem like a dos
(that's probably my ssh connection)
forgotten: ant: im getting roughly 5,000 blocks per 10minutes. All going to port 80. Before blocking it was bringing my apache service to it's knees.
ant: forgotten: not sure what you mean by blocks, but doesn't seem like much...
forgotten: http://wmfb.co/txt/holyshit.txt
ant: oh, is that a syn flood?
forgotten: not sure, showing as normal TCP / port 80 traffic. just massive constant web server requests
when allowed to pass to the httpd, murders it.
ant: if it's only syn's then it's a syn flood. if they actually send ack's then not
but when you actually see requests in the web server's log file then it's not a syn flood
forgotten: ya i dont wanna try to test that lol
ant: did you see entries in the log file before you filtered the packets?
forgotten: some yes, thats how i discovered it
ant: ok, then it is at least not only a syn flood
anyway. either somebody doesn't like you they mistyped the ip address..
*or
forgotten: =/
***: LT has quit IRC (Quit: Leaving)
hazardous: That's what she said!!
forgotten: that is ecatel netblock
i recommend you drop all of it, at all times
with no exceptions
it's a cybercrime isp pretty much..
forgotten: hazardous: i blocked the /20 i could find
80.82.64.0/24
know of any other blocks?
***: dwarren has quit IRC (Quit: leaving)
staticsafe: forgotten: http://bgp.he.net/AS29073#_prefixes
ant: .oO(aggregation? who needs aggregation?!)
forgotten: staticsafe: thank you!! :)
***: toddf has quit IRC (Remote host closed the connection)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
staticsafe has quit IRC (Ping timeout: 260 seconds)
staticsafe has joined #arpnetworks
dne: forgotten: http://www.spamhaus.org/drop/ (maybe already used by up_the_irons or his upstreams)
brycec: I think forgotten was just asking to see if he was being targeted, or if that DoS'er was attacking the range.
dne: ah yes, I misread "blocks" as "tips for blocking" :)
forgotten: thx for the assist brycec :)
brycec: np
forgotten: attack is still ongoing =/
***: dwarren has joined #arpnetworks
dwarren has quit IRC (Client Quit)
dwarren has joined #arpnetworks
carvite_ has quit IRC (Quit: leaving)
carvite_ has joined #arpnetworks
carvite_ has quit IRC (Client Quit)
carvite has quit IRC (Remote host closed the connection)
carvite has joined #arpnetworks
carvite has quit IRC (Remote host closed the connection)
carvite has joined #arpnetworks
sga0_ has joined #arpnetworks
sga0 has quit IRC (Ping timeout: 258 seconds)
dj_goku has quit IRC (Ping timeout: 246 seconds)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
awyeah has quit IRC (Ping timeout: 260 seconds)
awyeah has joined #arpnetworks
toeshred has quit IRC (Ping timeout: 260 seconds)
toeshred has joined #arpnetworks