Re: [SAtalk] DOS Attack?

alan premselaar Wed, 09 Jul 2003 09:04:31 -0700
Mike,

this appears to be coming from my mail server, i'm looking into the cause
now.  it also appears that earlier I responded to one of your posts and that
the mail wasn't able to be delivered and it's retrying to deliver it.

i tried sending you this message directly, but of course you're blocking
mail from all IPs in japan.

I'll post an update when i've found the cause of this.

do you know when this started? and is it still happening? (or rather, for
how long was it happening? and at what intervals?)

sorry for any inconvenience, thanks for any assistance in resolving this
matter.

alan

On 7/9/03 10:58 PM, "Mike Vanecek" <[EMAIL PROTECTED]> wrote:

> I think I am under a DOS attack on port 25. I have received 2172 smtp packets
> from the same location yesterday. Due to this activity I have set my firewall
> to reject all incoming packets from Japan. I notified [EMAIL PROTECTED],
> [EMAIL PROTECTED], and [EMAIL PROTECTED] of the problem.
> 
> Is there anything else I should do?
> 
> Sample from iptables log (all packets dropped):
> 
> Jul  8 00:00:07 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=45087 DF PROTO=TCP
> SPT=43869 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 00:00:31 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=45088 DF PROTO=TCP
> SPT=43869 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 00:01:19 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=45089 DF PROTO=TCP
> SPT=43869 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 00:03:46 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=18487 DF PROTO=TCP
> SPT=43872 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 00:03:49 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=18488 DF PROTO=TCP
> SPT=43872 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 00:03:55 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=18489 DF PROTO=TCP
> SPT=43872 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 00:04:07 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=18490 DF PROTO=TCP
> SPT=43872 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 00:04:31 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=18491 DF PROTO=TCP
> SPT=43872 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 00:05:19 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=18492 DF PROTO=TCP
> SPT=43872 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 00:07:46 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=65339 DF PROTO=TCP
> SPT=43880 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> .....
> Jul  8 23:47:49 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=13116 DF PROTO=TCP
> SPT=50658 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 23:47:55 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=13117 DF PROTO=TCP
> SPT=50658 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 23:48:07 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=13118 DF PROTO=TCP
> SPT=50658 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 23:48:31 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=13119 DF PROTO=TCP
> SPT=50658 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul  8 23:49:19 www kernel: Asia1 IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=61.121.253.8
> DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=13120 DF PROTO=TCP
> SPT=50658 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by: Parasoft
> Error proof Web apps, automate testing & more.
> Download & eval WebKing and get a free book.
> www.parasoft.com/bulletproofapps
> _______________________________________________
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
> 



-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] DOS Attack?

Reply via email to
