The website is "http://www.betmania.com/"; and when I try to connect to it I get "Database Error: Unable to connect to the database:Could not connect to MySQL".
It's not unusual for betting sites to be DDoSed for ransom. Frank -----Original Message----- From: Jay Hennigan [mailto:[EMAIL PROTECTED] Sent: Saturday, October 18, 2008 10:24 AM To: NANOG list Subject: Re: the attack continues.. Beavis wrote: > Hello Lists, > > I'm still getting attacked and most of the IP's i got have been > reported. and just this morning it looks as if someone is testing my > network. and sending out short TCP_SESSION requests. now i may be > paranoid but this past few days have been hell.. just want to know if > the folks from these ip's can help me out. > > Attacker IP,Attacker Port,Victim IP,Victim Port,Attack Type,Start > Time,Extra Info > 205.188.116.7,47198,200.0.179.73,80,TCP_SESSION,2008-10-18 > 14:20:48,Filtered IP: Dropped packets: 3 Dropped bytes: 156 > 205.188.117.134,45379,200.0.179.73,80,TCP_SESSION,2008-10-18 > 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0 > 205.188.117.137,42257,200.0.179.73,80,TCP_SESSION,2008-10-18 > 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0 > 75.105.128.38,4092,200.0.179.73,80,TCP_SESSION,2008-10-18 > 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0 > > First 3 IP's come from AOL, I'll try to see if I can get their attention. > > Last IP is from a Wildblue Communications WBC-39. "Beavis", you're running a web server on 200.0.179.73, some sort of gambling site. Those who operate web servers generally expect traffic to TCP port 80. If you're not aware that you have a web server running, then it is most likely your machine that is infected with a bot. -- Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED] Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
