new attack



Ickie
February 9th, 2014, 10:47
While monitoring the server I can see that the “named” service is using high CPU usage. I have found lots of questions are sent from multiple IPs. This seems a DNS amplification attack. This attack is a type of distributed denial of service (DDoS) attack that takes advantage of the fact that a small DNS question can generate a much larger response. When combined with source address spoofing, an attacker can direct a large volume of network traffic to a target system by initiating relatively small DNS questions.

Here are the IPs and where they are coming from:

192.126.118.105
174.139.237.142
70.39.67.110
199.115.102.83
173.234.39.133


hccforums.nl
ietf.org

Ickie
February 9th, 2014, 11:15
Sample of the attack to let you know. This log is 100 times bigger than what I am posting, and all of it was being done by those 5 IPs.

09-Feb-2014 14:08:27.227 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.228 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.228 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.228 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.229 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.229 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.229 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.229 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.229 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.229 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.229 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.229 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.229 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.230 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.230 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.230 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.230 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.230 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.230 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.230 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.230 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.231 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.231 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.231 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.231 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.232 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.232 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.232 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.232 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.232 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.232 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.232 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.237 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.238 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.238 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.238 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.239 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.239 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.239 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.239 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.240 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.240 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.241 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.241 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.241 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.241 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.241 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.242 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.242 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.242 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.242 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.243 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.243 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.243 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.243 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.243 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.244 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.250 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.250 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.250 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.250 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.250 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.251 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.252 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.252 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.252 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.252 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.252 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.252 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.252 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.252 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.253 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.253 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.254 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.254 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.254 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.254 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.254 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.254 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.255 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.255 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.255 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.255 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.255 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.255 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.256 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.256 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.256 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.256 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.256 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.256 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.257 queries: info: client 173.234.39.133#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.260 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.260 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.261 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.261 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.261 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.265 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.265 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.265 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.266 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.266 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.266 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.266 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.266 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.266 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.267 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.267 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.267 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.267 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.267 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.267 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.267 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.267 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.267 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.267 queries: info: client 199.115.102.83#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.268 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.269 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.269 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.269 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.269 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.269 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.270 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.270 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.271 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.271 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.271 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.271 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.271 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.271 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.271 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.272 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.272 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.272 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.272 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.273 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.273 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.273 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.273 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.273 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.273 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.274 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.274 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E
09-Feb-2014 14:08:27.274 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.274 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.274 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.274 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.275 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.276 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.276 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.276 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.276 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E
09-Feb-2014 14:08:27.276 queries: info: client
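A small detector for the pattern in the log above, added here as an example; it is not part of Ickie's post or the forum's own tooling. It parses BIND query-log lines in the format posted, counts ANY and EDNS0 queries per client, flags clients whose traffic looks like reflection (all ANY, all EDNS0, one fixed source port) and checks whether the flagged clients share a source port, which points at spoofed sources. The sample lines are constructed to mirror the posted ones; 192.0.2.10 is a made-up benign resolver for contrast.

```python
import re
from collections import defaultdict

# BIND query-log line in the format posted above; flags "+" = recursion desired,
# "E" = EDNS0 present (the client advertises that it accepts large UDP answers).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: info: "
    r"client (?P<ip>[\d.]+)#(?P<port>\d+): query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)$"
)

# Constructed sample: six lines mirror the posted log (same clients, names and port), 192.0.2.10
# is a made-up benign resolver with changing ports, and the last line is the post's truncated tail.
SAMPLE_LOG = [
    "09-Feb-2014 14:08:27.227 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E",
    "09-Feb-2014 14:08:27.228 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E",
    "09-Feb-2014 14:08:27.229 queries: info: client 192.126.118.105#5209: query: ietf.org IN ANY +E",
    "09-Feb-2014 14:08:27.229 queries: info: client 174.139.237.142#5209: query: hccforums.nl IN ANY +E",
    "09-Feb-2014 14:08:27.231 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E",
    "09-Feb-2014 14:08:27.232 queries: info: client 70.39.67.110#5209: query: hccforums.nl IN ANY +E",
    "09-Feb-2014 14:08:27.300 queries: info: client 192.0.2.10#41022: query: www.sim-outhouse.com IN A +",
    "09-Feb-2014 14:08:27.305 queries: info: client 192.0.2.10#41023: query: ietf.org IN ANY +E",
    "09-Feb-2014 14:08:27.276 queries: info: client",
]

def parse_line(line):
    """Fields of one well-formed query-log line as a dict, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec

def summarize(lines):
    """Per-client counters: total queries, ANY queries, EDNS queries, distinct names and ports."""
    stats = defaultdict(lambda: {"total": 0, "any": 0, "edns": 0, "names": set(), "ports": set()})
    for line in lines:
        q = parse_line(line)
        if q is None:
            continue  # malformed or truncated line: skip, do not crash the detector
        s = stats[q["ip"]]
        s["total"] += 1
        s["any"] += int(q["qtype"] == "ANY")
        s["edns"] += int("E" in q["flags"])
        s["names"].add(q["name"])
        s["ports"].add(q["port"])
    return stats

def flag_amplifiers(stats, min_any=2):
    """Flag clients matching the posted pattern: every query is ANY, every query carries EDNS0,
    and all arrive from one fixed source port (a real resolver varies its ports)."""
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["any"] >= min_any and s["any"] == s["total"]:
            reasons.append("all %d queries are ANY" % s["total"])
        if s["edns"] == s["total"]:
            reasons.append("all queries carry EDNS0")
        if len(s["ports"]) == 1:
            reasons.append("fixed source port %d" % next(iter(s["ports"])))
        if len(reasons) == 3:
            flagged[ip] = reasons
    return flagged

def shared_source_port(stats, flagged):
    """The one source port shared by all flagged clients, or None; a shared port points at one
    sender spoofing the source addresses, since unrelated hosts would not agree on a port."""
    ports = set().union(*(stats[ip]["ports"] for ip in flagged)) if flagged else set()
    return next(iter(ports)) if len(ports) == 1 else None

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    flagged = flag_amplifiers(stats)
    for ip, reasons in sorted(flagged.items()):
        print(ip, "->", "; ".join(reasons), "| names:", sorted(stats[ip]["names"]))
    print("shared source port across flagged clients:", shared_source_port(stats, flagged))
```

On the full log the same functions would show all five posted clients sharing port 5209 and only two names between them, which is why blocking the addresses helped even though they are almost certainly not the real origin.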

Ickie
February 9th, 2014, 11:18
I posted this to let the world see who the bad kids are and what website they are really from.

Ickie
February 9th, 2014, 11:30
We went from 85% CPU usage ...... to .3% CPU usage by blocking those 5 IPs.

Allen
February 9th, 2014, 12:13
I don't get it. Why are they after us? Did we ban someone that now wants to go after us, or did we get an IP that was used and has a bad history?

Little Chacha
February 9th, 2014, 15:58
Oh, that explains it. I had a hard time getting into the Outhouse. My internet time was cut short, and not logging in here is a hassle; I have to visit this place often :wavey:

Blackbird686
February 9th, 2014, 16:05
I'd like to get me hands on 'em. This site does nothing wrong, to anyone, and doesn't deserve that. JMO.

BB686:US-flag:

Allen
February 9th, 2014, 16:30
Oh, that explains it. I had a hard time getting into the Outhouse. My internet time was cut short, and not logging in here is a hassle; I have to visit this place often :wavey:

When SOH is down, you can find information at www.sim-outhouse.net (http://www.sim-outhouse.net). The .net is not a part of the .com so it is often fine.

Little Chacha
February 9th, 2014, 16:45
When SOH is down, you can find information at www.sim-outhouse.net (http://www.sim-outhouse.net). The .net is not a part of the .com so it is often fine.


Thank you Mr Allen sir :wavey:

henrystreet
February 9th, 2014, 17:21
Ickie,

Do you know about the WHOIS at arin.net? For example, with arin.net I can see the IP address 70.39.67.110 belongs to an ISP named Sharknet Colorado USA. Using the IP address in this way could be a clear violation of USA law. You could at least report the IP address to the ISP.

And 174.139.237.142 is from an ISP in California.

ViperPilot2
February 9th, 2014, 18:13
When SOH is down, you can find information at www.sim-outhouse.net (http://www.sim-outhouse.net). The .net is not a part of the .com so it is often fine.

A question... what happens when your SOH.com Login info won't work at SOH.net?

Alan 4103

Tako_Kichi
February 9th, 2014, 18:57
A question... what happens when your SOH.com Login info won't work at SOH.net?

Alan 4103

The two sites are on different servers running different software (Linux and Windows Server) and the member info is non-transferable between the two so you will need to re-register at the .net site in order to access it fully.

SPman
February 9th, 2014, 19:08
I need to check my home IP. When I went to log on on sat. I got an "Account Disabled" notice come up. If one of those IP's is me, then mine, or my wife's laptops may have been compromised! It may explain why the whole home system seems to slow to a crawl about 50% of the time. (sent from work computer)

Allen
February 9th, 2014, 19:46
The two sites are on different servers running different software (Linux and Windows Server) and the member info is non-transferable between the two so you will need to re-register at the .net site in order to access it fully.

True, but you can read on the .net without re-registering.

ViperPilot2
February 9th, 2014, 22:20
The two sites are on different servers running different software (Linux and Windows Server) and the member info is non-transferable between the two so you will need to re-register at the .net site in order to access it fully.

Ahh... many thanks, Larry!

4105

KellyB
February 10th, 2014, 04:25
I need to check my home IP. When I went to log on on sat. I got an "Account Disabled" notice come up. If one of those IP's is me, then mine, or my wife's laptops may have been compromised! It may explain why the whole home system seems to slow to a crawl about 50% of the time. (sent from work computer)

Your forthrightness is truly refreshing, sir. I suggest you and Ickie chat about scrubbing up your laptops and trying again. I wish you luck in finding the problem files on your machines. If nothing else, a good scan of those laptops should improve their performance for you.

When you do the scan and repair, keep the logs so they can be analyzed for which miserable malware is likely to be at fault. Others of us will then be able to go after it (them) on our own machines.

Ickie
February 10th, 2014, 04:34
Here is a cool website which shows it all:
http://www.nothink.org/honeypot_dns.php

Looks to be started from China:
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16111&view=map

Rami
February 10th, 2014, 05:27
Here is a cool website which shows it all:
http://www.nothink.org/honeypot_dns.php

Looks to be started from China:
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16111&view=map

Ickie,

China, huh? Where's Chairman Mao when you need him?

SPman
February 10th, 2014, 13:45
Your forthrightness is truly refreshing, sir. I suggest you and Ickie chat about scrubbing up your laptops and trying again. I wish you luck in finding the problem files on your machines. If nothing else, a good scan of those laptops should improve their performance for you.

When you do the scan and repair, keep the logs so they can be analyzed for which miserable malware is likely to be at fault. Others of us will then be able to go after it (them) on our own machines.

Back to normal again - perhaps it was just a symptom of the attack. I'm still having a thorough scrub through though - I'm normally fairly careful about these things, but you never know........ drop your guard for a second and whammo!

Ickie
February 10th, 2014, 13:52
these new attacks only last a few hours, if you look at my link (http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16111&view=map )
you will see a lot of resources being used up to control the internet.
I'm afraid "it's the end of our internet as we know it"
we need to band together as the WORLD USERS and demand a stop to this, much of it is at the hands of governments.

Ickie
February 10th, 2014, 14:34
I have gone through the DNS logs and also monitored the server and found that this is one of the DNS amplification attacks over/through our server. In this weekend's attack, somebody is trying to use our DNS server to flood somebody else. In this case it will be a “denied” packet and it will still go to the flood target, not to mention flooding our syslog messages log and stealing bandwidth from our server.

In order to lock down such an attack I disabled recursion, that is, set allow-recursion to "none;" on the server.
I will see what happens tomorrow.
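The lockdown Ickie describes, shown as an added named.conf illustration rather than his actual configuration: an open-resolver setup beside one that refuses recursion for outside clients and also rate-limits answers, including the REFUSED replies he notes still reach the flood target. The zone name and file are placeholders; the rate-limit block needs BIND 9.9.4 or later.

```conf
// Constructed "before": the server resolves any name for anyone, so spoofed
// ANY queries for ietf.org or hccforums.nl come back as large EDNS0 answers
// aimed at whichever host the forged source address belongs to.
options {
    recursion yes;
    allow-recursion { any; };
};

// "After": the change named in the post, plus the usual companions.
options {
    recursion no;                   // no resolving for outside clients at all
    allow-recursion { none; };      // the setting Ickie mentions
    allow-query-cache { none; };    // do not hand out cached answers either
    rate-limit {                    // Response Rate Limiting (RRL)
        responses-per-second 5;     // identical answers per client network per second
        errors-per-second 5;        // also throttles REFUSED, which still goes to the spoofed source
        window 5;
    };
};

// Placeholder zone: authoritative answers for the server's own zones keep working.
zone "example.com" { type master; file "example.com.zone"; };
```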

Ickie
February 10th, 2014, 15:24
They never stop. Here is a new one, a Port Flood; lucky my scripts caught and banned him/her/it.

Time: Mon Feb 10 19:20:26 2014 -0500
IP: 23.29.118.202 (US/United States/23-29-118-202-customer-incero.com)
Hits: 4
Blocked: Permanent Block

Sample of block hits:
Feb 10 19:20:20 ns1 kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00:24:e8:6b:c7:f8:00:17:df:59:3c:40:08:00 SRC=23.29.118.202 DST=72.233.76.234 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=28535 DF PROTO=TCP SPT=55571 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 10 19:20:20 ns1 kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00:24:e8:6b:c7:f8:00:17:df:59:3c:40:08:00 SRC=23.29.118.202 DST=72.233.76.234 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=28539 DF PROTO=TCP SPT=55572 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 10 19:20:20 ns1 kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00:24:e8:6b:c7:f8:00:17:df:59:3c:40:08:00 SRC=23.29.118.202 DST=72.233.76.234 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=28543 DF PROTO=TCP SPT=55573 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 10 19:20:20 ns1 kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00:24:e8:6b:c7:f8:00:17:df:59:3c:40:08:00 SRC=23.29.118.202 DST=72.233.76.234 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=28546 DF PROTO=TCP SPT=55574 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

same script
Time: Mon Feb 10 19:23:19 2014 -0500
IP: 82.122.153.121 (FR/France/AGrenoble-651-1-449-121.w82-122.abo.wanadoo.fr)
Hits: 4
Blocked: Permanent Block


same script
Time: Mon Feb 10 19:23:45 2014 -0500
IP: 75.142.31.241 (US/United States/75-142-31-241.dhcp.mdfd.or.charter.com)
Hits: 4
Blocked: Permanent Block


same script
Time: Mon Feb 10 19:24:10 2014 -0500
IP: 75.80.243.60 (US/United States/cpe-75-80-243-60.dc.res.rr.com)
Hits: 4
Blocked: Permanent Block

Ickie
February 10th, 2014, 15:33
here is 10 minutes of the same script

Ickie
February 13th, 2014, 09:56
here is what the attack looked like on our server


Allen
February 13th, 2014, 10:29
I wonder if this attack BS has any thing to do with the lolympics?

Ickie
February 13th, 2014, 10:34
No, because it started 4-5 months ago with new tactics. It is a shame my country is doing this to other countries, and they are fighting back; then others got into the fight to prove they can too.
I say enough is enough; it is time to ban all IPs connected with this bull crap.
Go to a new system where we, the users, have to buy our IP and are held responsible for our actions.

Attack map (note: move the slider at the bottom to today):
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16114&view=map

boxcar
February 13th, 2014, 11:22
Glad you're staying frosty as usual, Ron, thanks... but be advised: things are acting "funny" here this day. I have been unable to log out for several minutes, though I was immediately able to log out from gmail & other sites during the "lock-up". Software change adjustment/attack/bug? Unsure, but am assuring you it is so. 'Preciate you being on top of things; you're better at it than most, in my estimation.

Ickie
February 13th, 2014, 11:38
we know about slow, we made it this way.
I would rather have slow ..... to ...... hacked.

boxcar
February 14th, 2014, 07:23
we know about slow, we made it this way.
I would rather have slow ..... to ...... hacked.

Hey Ron- Whatever you believe will not change truth.
2 minutes of that leeta dealie a-spinnin' whilst continuing to wait to be signed out?

No way, man.

'Tis different today though, see? ...