tcpdumps of the packets might help you in the analysis...also, running an IDS like snort could give you insight into the *attacks*. the packets are being denied by ipfw/ipchains, right?
-tuanis

On Thu, 25 Oct 2001, Steven M Bloomfield wrote:

> Hi,
> I'm webmaster of a large-ish website and yesterday the server went down.
> It is a Redhat 6.1 Linux server. All my ISP would do was press the 'reset'
> button - very kind of them (they are NT specialists).
> Inspecting my log files I found thousands of denied packets, all seem to be
> within a period of 6 hours.
> My question is, could such an attack disable my machine and crash it? Can
> anyone identify what sort of attack it was?
>
> Here's a summary below:
>
> Denied packets from modem-392.awesome.dialup.pol.co.uk (62.25.129.136).
> Port https (tcp,eth0,input): 5 packet(s).
> Total of 5 packet(s).
>
> Denied packets from 10.10.71.237.
> Port netbios-dgm (udp,eth1,input): 69 packet(s).
> Port netbios-ns (udp,eth1,input): 333 packet(s).
> Total of 402 packet(s).
>
> Denied packets from 10.10.0.4.
> Port netbios-dgm (udp,eth1,input): 496 packet(s).
> Port netbios-ns (udp,eth1,input): 2925 packet(s).
> Total of 3421 packet(s).
>
> Denied packets from userSg017.videon.wave.ca (204.112.48.37).
> Port 500 (udp,eth0,input): 6 packet(s).
> Total of 6 packet(s).
>
> Denied packets from 207.190.199.102.
> Port https (tcp,eth0,input): 11 packet(s).
> Total of 11 packet(s).
>
> Denied packets from 10.10.32.21.
> Port netbios-dgm (udp,eth1,input): 338 packet(s).
> Port netbios-ns (udp,eth1,input): 1742 packet(s).
> Total of 2080 packet(s).
>
> Denied packets from 172.17.0.18.
> Port 1434 (udp,eth1,input): 2 packet(s).
> Total of 2 packet(s).
>
> Denied packets from 10.10.1.37.
> Port netbios-dgm (udp,eth1,input): 496 packet(s).
> Port netbios-ns (udp,eth1,input): 2925 packet(s).
> Total of 3421 packet(s).
>
> Denied packets from 10.10.32.27.
> Port netbios-dgm (udp,eth1,input): 59 packet(s).
> Port netbios-ns (udp,eth1,input): 324 packet(s).
> Total of 383 packet(s).
>
> Denied packets from 10.10.32.28.
> Port netbios-dgm (udp,eth1,input): 107 packet(s).
> Port netbios-ns (udp,eth1,input): 513 packet(s).
> Total of 620 packet(s).
>
> Denied packets from 10.10.0.1.
> Port 0 (tcp,eth1,input): 3 packet(s).
> Total of 3 packet(s).
>
> Denied packets from 10.10.0.3.
> Port bootpc (udp,eth1,input): 19 packet(s).
> Port netbios-dgm (udp,eth1,input): 475 packet(s).
> Port netbios-ns (udp,eth1,input): 2259 packet(s).
> Total of 2753 packet(s).
>
>
> Thanks,
> Steve
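
Added example, not part of the original thread: a Python script that parses the denied-packet summary format quoted above and totals packets per source address, per interface/protocol/port, and by private versus public source, to show which entries dominate the log. The sample input is an excerpt of the quoted summary; the function and variable names are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Excerpt of the summary quoted in the thread, embedded so this runs offline.
SAMPLE = """\
> Denied packets from modem-392.awesome.dialup.pol.co.uk (62.25.129.136).
> Port https (tcp,eth0,input): 5 packet(s).
> Total of 5 packet(s).
>
> Denied packets from 10.10.0.4.
> Port netbios-dgm (udp,eth1,input): 496 packet(s).
> Port netbios-ns (udp,eth1,input): 2925 packet(s).
> Total of 3421 packet(s).
>
> Denied packets from 172.17.0.18.
> Port 1434 (udp,eth1,input): 2 packet(s).
> Total of 2 packet(s).
"""

SRC = re.compile(r"Denied packets from (?:\S+ \()?(\d+(?:\.\d+){3})\)?\.")
PORT = re.compile(r"Port (\S+) \((\w+),(\w+),\w+\): (\d+) packet")


def summarize(text):
    """Total denied packets per source IP, per (iface, proto, port), and per scope."""
    by_src, by_port, by_scope = Counter(), Counter(), Counter()
    src = None
    for raw in text.splitlines():
        line = raw.lstrip("> \t")  # tolerate mail quoting and indentation
        m = SRC.match(line)
        if m:
            src = m.group(1)
            continue
        m = PORT.match(line)
        if m and src:
            port, proto, iface, count = m.groups()
            n = int(count)
            by_src[src] += n
            by_port[(iface, proto, port)] += n
            private = ipaddress.ip_address(src).is_private
            by_scope["private" if private else "public"] += n
    return by_src, by_port, by_scope


if __name__ == "__main__":
    by_src, by_port, by_scope = summarize(SAMPLE)
    for ip, n in by_src.most_common():
        print(f"{n:6d}  {ip}")
    for key, n in by_port.most_common():
        print(f"{n:6d}  {'/'.join(key)}")
    print(dict(by_scope))
```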
