#arpnetworks 2014-10-09,Thu

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***dwarren has joined #arpnetworks
LT has joined #arpnetworks
[01:01]
dwarren has quit IRC (Quit: leaving)
dwarren has joined #arpnetworks
dwarren has quit IRC (Client Quit)
dwarren has joined #arpnetworks
[01:08]
........................................................................................ (idle for 7h18mn)
forgottenanyone one else in the 206.125.175.x range experiencing DoS from 80.82.64.0-80.82.79.0 ip's ? [08:29]
BryceBotThat's what she said!! [08:29]
brycecBryceBot: no [08:29]
BryceBotOh, okay... I'm sorry. 'anyone one else in the 206.125.175.x range experiencing DoS from 80.82.64.0-80.82.79.0 ip's ?' [08:29]
forgottenlol [08:31]
antforgotten: incoming rate of 10kbps on my server. doesn't seem like a dos
(that's probably my ssh connection)
[08:33]
forgottenant: im getting roughly 5,000 blocks per 10minutes. All going to port 80. Before blocking it was bringing my apache service to it's knees. [08:37]
antforgotten: not sure what you mean by blocks, but doesn't seem like much... [08:38]
forgottenhttp://wmfb.co/txt/holyshit.txt [08:39]
antoh, is that a syn flood? [08:40]
forgottennot sure, showing as normal TCP / port 80 traffic. just massive constant web server requests
when allowed to pass to the httpd, murders it.
[08:40]
antif it's only syn's then it's a syn flood. if they actually send ack's then not
but when you actually see requests in the web server's log file then it's not a syn flood
[08:41]
forgottenya i dont wanna try to test that lol [08:44]
antdid you see entries in the log file before you filtered the packets? [08:46]
forgottensome yes, thats how i discovered it [08:52]
antok, then it is at least not only a syn flood
anyway. either somebody doesn't like you they mistyped the ip address..
*or
[08:53]
forgotten=/ [08:55]
....... (idle for 30mn)
***LT has quit IRC (Quit: Leaving) [09:25]
............ (idle for 58mn)
hazardousThat's what she said!!
forgotten: that is ecatel netblock
i recommend you drop all of it, at all times
with no exceptions
it's a cybercrime isp pretty much..
[10:23]
forgottenhazardous: i blocked the /20 i could find
80.82.64.0/24
know of any other blocks?
[10:29]
***dwarren has quit IRC (Quit: leaving) [10:42]
....... (idle for 30mn)
staticsafeforgotten: http://bgp.he.net/AS29073#_prefixes [11:12]
ant.oO(aggregation? who needs aggregation?!) [11:13]
forgottenstaticsafe: thank you!! :) [11:16]
.......... (idle for 49mn)
***toddf has quit IRC (Remote host closed the connection)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
[12:05]
................ (idle for 1h18mn)
staticsafe has quit IRC (Ping timeout: 260 seconds)
staticsafe has joined #arpnetworks
[13:23]
....................... (idle for 1h53mn)
dneforgotten: http://www.spamhaus.org/drop/ (maybe already used by up_the_irons or his upstreams) [15:18]
brycecI think forgotten was just asking to see if he was being targeted, or if that DoS'er was attacking the range. [15:21]
dneah yes, I misread "blocks" as "tips for blocking" :) [15:22]
forgottenthx for the assist brycec :) [15:32]
brycecnp [15:32]
forgottenattack is still ongoing =/ [15:32]
***dwarren has joined #arpnetworks
dwarren has quit IRC (Client Quit)
dwarren has joined #arpnetworks
[15:39]
..... (idle for 21mn)
carvite_ has quit IRC (Quit: leaving)
carvite_ has joined #arpnetworks
carvite_ has quit IRC (Client Quit)
carvite has quit IRC (Remote host closed the connection)
carvite has joined #arpnetworks
[16:05]
carvite has quit IRC (Remote host closed the connection)
carvite has joined #arpnetworks
[16:23]
......................... (idle for 2h3mn)
sga0_ has joined #arpnetworks
sga0 has quit IRC (Ping timeout: 258 seconds)
[18:27]
......................... (idle for 2h4mn)
dj_goku has quit IRC (Ping timeout: 246 seconds)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
[20:31]
........................ (idle for 1h56mn)
awyeah has quit IRC (Ping timeout: 260 seconds)
awyeah has joined #arpnetworks
[22:31]
.... (idle for 15mn)
toeshred has quit IRC (Ping timeout: 260 seconds) [22:49]
............. (idle for 1h1mn)
toeshred has joined #arpnetworks [23:50]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)