[192540] in North American Network Operators' Group
Re: Syn flood to TCP port 21 from privileged port (80)
daemon@ATHENA.MIT.EDU (Oleg A. Arkhangelsky)
Tue Nov 1 14:46:32 2016
X-Original-To: nanog@nanog.org
From: Oleg A. Arkhangelsky <sysoleg@yandex.ru>
To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <5340201478025616@web26o.yandex.ru>
Date: Tue, 01 Nov 2016 21:44:23 +0300
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hello,
A couple of cuts from tcpdump output:
21:31:54.995170 IP 141.138.131.115.80 > 109.72.248.114.21: Flags [S], seq 1376379765, win 8192, length 0
21:31:55.231925 IP 194.73.173.154.80 > 109.72.241.198.21: Flags [S], seq 2254756684, win 8192, length 0
21:27:50.413927 IP 95.131.188.179.80 > 109.72.248.114.21: Flags [S], seq 3619475318, win 8192, length 0
21:27:50.477014 IP 95.131.191.77.80 > 109.72.248.114.21: Flags [S], seq 2412690982, win 8192, length 0
Is anyone seeing this right now (18:31 UTC)? I see this traffic
on at least two completely independent ISPs near Moscow. The
rate is about a few dozen PPS hitting all BGP-announced networks.
--
wbr, Oleg.
"Anarchy is about taking complete responsibility for yourself."
Alan Moore.
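
Added example (not part of the original message): one way to pick this pattern out of `tcpdump -n` text output, by flagging bare SYNs whose source port is in the privileged range and grouping them by port pair. The sample input is the four lines quoted in the message; the function names and the 1023 cut-off are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# The four tcpdump lines quoted in the message above.
SAMPLE = """\
21:31:54.995170 IP 141.138.131.115.80 > 109.72.248.114.21: Flags [S], seq 1376379765, win 8192, length 0
21:31:55.231925 IP 194.73.173.154.80 > 109.72.241.198.21: Flags [S], seq 2254756684, win 8192, length 0
21:27:50.413927 IP 95.131.188.179.80 > 109.72.248.114.21: Flags [S], seq 3619475318, win 8192, length 0
21:27:50.477014 IP 95.131.191.77.80 > 109.72.248.114.21: Flags [S], seq 2412690982, win 8192, length 0
"""

# Matches IPv4 TCP lines as printed by tcpdump with name resolution off (-n).
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

def parse(line):
    """Return src, dst, ports and flags for one line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    return pkt

def suspicious_syns(lines, max_sport=1023):
    """Yield bare SYNs (flags exactly 'S', so no SYN-ACK) sent from a port <= max_sport."""
    for line in lines:
        pkt = parse(line)
        if pkt and pkt["flags"] == "S" and pkt["sport"] <= max_sport:
            yield pkt

def summarize(lines):
    """Group by (source port, destination port): packets, distinct sources, distinct targets."""
    groups = defaultdict(lambda: {"packets": 0, "sources": set(), "targets": set()})
    for pkt in suspicious_syns(lines):
        g = groups[(pkt["sport"], pkt["dport"])]
        g["packets"] += 1
        g["sources"].add(pkt["src"])
        g["targets"].add(pkt["dst"])
    return dict(groups)

if __name__ == "__main__":
    for (sport, dport), g in summarize(SAMPLE.splitlines()).items():
        print(f"sport {sport} -> dport {dport}: {g['packets']} SYNs, "
              f"{len(g['sources'])} sources, {len(g['targets'])} targets")
```

Many distinct sources sharing one privileged source port while spreading across targets is the signature the message describes; a normal client picks an ephemeral source port, so such packets stand out from ordinary FTP connection attempts.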