[108705] in North American Network Operators' Group


Re: the attack continues..

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Sat Oct 18 14:50:50 2008

Date: Sat, 18 Oct 2008 14:50:41 -0400
From: "Christopher Morrow" <morrowc.lists@gmail.com>
To: "Frank Bulk" <frnkblk@iname.com>
In-Reply-To: <!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5/+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAAClJSdZCnuJRoP+FreDAshoAQAAAAA=@iname.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Sat, Oct 18, 2008 at 12:16 PM, Frank Bulk <frnkblk@iname.com> wrote:
> The website is "http://www.betmania.com/" and when I try to connect to it I
> get "Database Error: Unable to connect to the database:Could not connect to
> MySQL".
>
> It's not unusual for betting sites to be DDoSed for ransom.
>

GW10.MIA4.ALTER.NET (152.63.81.53)  54.482 ms  54.665 ms
 8   (63.65.190.126)  54.949 ms  54.774 ms  55.035 ms
 9  s-1-0-0-nmi-core01.nwnnetwork.net (63.245.5.65)  58.575 ms  56.288 ms  58.745 ms
10  ge-2-0-nmi-edge03.nwnnetwork.net (63.245.5.21)

I would also venture to guess that vbz/uunet would be willing to help
if the site's provider (nwnnetwork.net) would call and ask for
support...

> Frank
>
> -----Original Message-----
> From: Jay Hennigan [mailto:jay@west.net]
> Sent: Saturday, October 18, 2008 10:24 AM
> To: NANOG list
> Subject: Re: the attack continues..
>
> Beavis wrote:
>> Hello Lists,
>>
>>     I'm still getting attacked and most of the IPs I got have been
>> reported. And just this morning it looks as if someone is testing my
>> network and sending out short TCP_SESSION requests. Now I may be
>> paranoid, but these past few days have been hell. I just want to know if
>> the folks from these IPs can help me out.
>>
>> Attacker IP,Attacker Port,Victim IP,Victim Port,Attack Type,Start Time,Extra Info
>> 205.188.116.7,47198,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 3 Dropped bytes: 156
>> 205.188.117.134,45379,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0
>> 205.188.117.137,42257,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0
>> 75.105.128.38,4092,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0
>>
>> First 3 IP's come from AOL, I'll try to see if I can get their attention.
>>
>> Last IP is from a Wildblue Communications WBC-39.
>
> "Beavis", you're running a web server on 200.0.179.73, some sort of
> gambling site.  Those who operate web servers generally expect traffic
> to TCP port 80.  If you're not aware that you have a web server running,
> then it is most likely your machine that is infected with a bot.
>
> --
> Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net
> Impulse Internet Service  -  http://www.impulse.net/
> Your local telephone and internet company - 805 884-6323 - WB6RDV
>


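Jay's point in the thread is that an "attack" log full of TCP sessions to port 80 on a host that is a web server is mostly ordinary client traffic, and that the first triage step is to check each alert against what the host is actually meant to serve. The script below is an added example written for this archive page, not code posted by anyone in the thread: it parses the CSV alert format Beavis quoted (the four sample records are reconstructed from his message with the wrapped timestamps rejoined), pulls the "Dropped packets" and "Dropped bytes" counters out of the Extra Info column, and sorts each alert into noise, review or investigate against a hypothetical service inventory (`EXPOSED_SERVICES`, an assumption made for the example). The category names, the regex and the summary helper are all assumptions of this example.

```python
import csv
import io
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the CSV alert format quoted in the thread: the header
# plus the four records from the message, with the wrapped timestamps rejoined.
SAMPLE_ALERTS = """\
Attacker IP,Attacker Port,Victim IP,Victim Port,Attack Type,Start Time,Extra Info
205.188.116.7,47198,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 3 Dropped bytes: 156
205.188.117.134,45379,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0
205.188.117.137,42257,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0
75.105.128.38,4092,200.0.179.73,80,TCP_SESSION,2008-10-18 14:20:48,Filtered IP: Dropped packets: 0 Dropped bytes: 0
"""

# Hypothetical service inventory (an assumption for this example): the ports
# each host is knowingly serving. Here: the web server on 200.0.179.73.
EXPOSED_SERVICES = {"200.0.179.73": {80}}

# Pulls the two counters out of the free-text "Extra Info" column.
EXTRA_RE = re.compile(r"Dropped packets:\s*(\d+)\s+Dropped bytes:\s*(\d+)")


@dataclass
class Alert:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    attack_type: str
    start_time: str
    dropped_packets: int
    dropped_bytes: int


def parse_alerts(text):
    """Parse the CSV export into Alert records. The counters in 'Extra Info'
    default to 0 when the column does not carry them."""
    alerts = []
    for row in csv.DictReader(io.StringIO(text)):
        m = EXTRA_RE.search(row.get("Extra Info", "") or "")
        pkts, byts = (int(m.group(1)), int(m.group(2))) if m else (0, 0)
        alerts.append(Alert(
            src_ip=row["Attacker IP"].strip(),
            src_port=int(row["Attacker Port"]),
            dst_ip=row["Victim IP"].strip(),
            dst_port=int(row["Victim Port"]),
            attack_type=row["Attack Type"].strip(),
            start_time=row["Start Time"].strip(),
            dropped_packets=pkts,
            dropped_bytes=byts,
        ))
    return alerts


def triage(alert, exposed=EXPOSED_SERVICES):
    """Classify one alert against the service inventory.

    'noise'       : session to a port the host is meant to serve and the
                    filter dropped nothing, i.e. ordinary client traffic.
    'review'      : same port, but the filter did drop packets; look at the
                    filter rule and the client before calling it an attack.
    'investigate' : traffic to a port that is not in the inventory at all.
    """
    if alert.dst_port in exposed.get(alert.dst_ip, set()):
        return "noise" if alert.dropped_packets == 0 else "review"
    return "investigate"


def summarize(text, exposed=EXPOSED_SERVICES):
    """Return (counts per triage category, counts per source IP) for an export,
    so the reporter can see how much of the log is expected traffic."""
    alerts = parse_alerts(text)
    categories = Counter(triage(a, exposed) for a in alerts)
    per_source = Counter(a.src_ip for a in alerts)
    return categories, per_source


if __name__ == "__main__":
    cats, srcs = summarize(SAMPLE_ALERTS)
    print("by category:", dict(cats))
    print("by source  :", dict(srcs))
```

On the sample records, three of the four alerts are plain port 80 sessions with nothing dropped and only one shows any dropped packets, which is the conclusion Jay draws by eye; the value of scripting it is that the same check can run over a full day's export before any abuse reports go out.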