Hi everyone,
this is already the second contact I've received about an attack that appears to have originated from my server. Could some kind soul tell me what to check on the server... or how to intervene, if necessary?
It's already the second contact in 2 weeks (from two different providers), so I really don't think it's a coincidence.
I'm attaching the email I received.
To whom it may concern;
The remote system XXX.XXX.XXX.XXX was logged attacking our host 69.93.196.213. This is an automated warning based on admin contacts from the arin.net whois database. Please do not ignore this message!
XXX.XXX.XXX.XXX was found to have exceeded acceptable inbound packet flow; we have as such banned the remote host from our network. However, to remove the stress from our carrier provider's network, we require your assistance to further investigate this issue and see that it does not occur again.
Enclosed below are log portions detailing the attack on our host; all time stamps are GMT -0400.
Event logs:
Sep 21 13:16:52 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.164.32 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=9609 DF PROTO=TCP SPT=1994 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:16:52 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.164.33 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=9610 DF PROTO=TCP SPT=1995 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:16:52 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.164.34 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=9611 DF PROTO=TCP SPT=2002 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:16:52 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.164.35 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=9612 DF PROTO=TCP SPT=2003 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:16:52 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.164.36 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=9613 DF PROTO=TCP SPT=2004 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:16:55 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.164.39 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=12178 DF PROTO=TCP SPT=2007 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:16:55 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.164.37 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=12182 DF PROTO=TCP SPT=2005 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:17:13 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.196.212 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=28390 DF PROTO=TCP SPT=4791 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:17:13 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.196.213 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=28391 DF PROTO=TCP SPT=4792 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:17:13 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.196.221 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=28399 DF PROTO=TCP SPT=4800 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:17:16 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.196.212 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=30912 DF PROTO=TCP SPT=4791 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:17:16 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.196.221 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=30933 DF PROTO=TCP SPT=4800 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Sep 21 13:17:16 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00 SRC=XXX.XXX.XXX.XXX DST=69.93.196.213 LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID=30937 DF PROTO=TCP SPT=4792 DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
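The lines in the report are netfilter LOG output from the victim's firewall: each one is a single SYN from the same masked source to port 2100, walking consecutive destination addresses (69.93.164.32, .33, .34, .35, .36, then .37 and .39) with the source port stepping up, and the 69.93.196.x hosts are retried three seconds later. That pattern is consistent with a port sweep of the victim's block rather than traffic from one legitimate client. As an added example that is not part of the original post, the following Python script parses that log format and flags any source that sends SYNs to one destination port on many distinct hosts within a short window, and counts how many of the targets are numerically consecutive. The sample lines are constructed to mirror the report's format with the masked source replaced by the documentation address 192.0.2.10 and one unrelated SYN added; the window length and the target threshold are assumptions, not values from the report.

```python
"""Detect a horizontal TCP SYN sweep in netfilter (iptables LOG) kernel lines.

Added example, not code from the original post. Parses the
'kernel: ... IN= OUT= MAC= SRC= DST= ... PROTO=TCP SPT= DPT= ... SYN ...'
format shown in the abuse report. Window and threshold are assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

KV_RE = re.compile(r"(\w+)=(\S*)")
TS_RE = re.compile(r"^(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

# Constructed sample modelled on the report's lines: masked SRC replaced by
# 192.0.2.10, plus one unrelated SYN (198.51.100.7 -> port 22) that must not alert.
_MAC = "MAC=00:30:48:29:d4:11:00:d0:02:76:c8:00:08:00"
_TAIL = "DPT=2100 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)"
SAMPLE_LOG = "\n".join(
    f"Sep 21 {ts} host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= {_MAC} "
    f"SRC=192.0.2.10 DST={dst} LEN=48 TOS=0x04 PREC=0x00 TTL=120 ID={ipid} DF "
    f"PROTO=TCP SPT={spt} {_TAIL}"
    for ts, dst, ipid, spt in [
        ("13:16:52", "69.93.164.32", 9609, 1994),
        ("13:16:52", "69.93.164.33", 9610, 1995),
        ("13:16:52", "69.93.164.34", 9611, 2002),
        ("13:16:52", "69.93.164.35", 9612, 2003),
        ("13:16:52", "69.93.164.36", 9613, 2004),
        ("13:16:55", "69.93.164.39", 12178, 2007),
        ("13:16:55", "69.93.164.37", 12182, 2005),
    ]
) + (
    "\nSep 21 13:16:58 host301 kernel: ** IN_TCP DROP ** IN=eth1 OUT= " + _MAC +
    " SRC=198.51.100.7 DST=69.93.164.32 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4410 DF"
    " PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0"
)


def parse_line(line):
    """Return the key=value fields of one netfilter LOG line (plus 'ts' and 'flags'),
    or None when the line is not a kernel LOG line."""
    m = TS_RE.match(line)
    if not m or "kernel:" not in line:
        return None
    payload = line.split("kernel:", 1)[1]
    fields = dict(KV_RE.findall(payload))          # 'OUT=' yields an empty value
    fields["flags"] = {tok for tok in payload.split() if tok in TCP_FLAGS}
    # syslog stamps carry no year; strptime's 1900 is fine for deltas within a day.
    fields["ts"] = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
    return fields


def consecutive_pairs(dsts):
    """Number of adjacent, numerically consecutive addresses among the distinct targets.
    A sweep walking a block in order scores high; scattered hits score near zero."""
    addrs = sorted(int(ipaddress.ip_address(d)) for d in set(dsts))
    return sum(1 for a, b in zip(addrs, addrs[1:]) if b - a == 1)


def find_syn_sweeps(lines, window_s=60, min_targets=5):
    """Group pure SYNs (no ACK) by (SRC, DPT); alert when one source reaches at least
    min_targets distinct DSTs on that port inside any window_s-second window."""
    groups = defaultdict(list)
    for line in lines:
        f = parse_line(line)
        if not f or f.get("PROTO") != "TCP":
            continue
        if "SYN" not in f["flags"] or "ACK" in f["flags"]:
            continue
        groups[(f["SRC"], f["DPT"])].append((f["ts"], f["DST"]))
    alerts = []
    for (src, dpt), events in groups.items():
        events.sort()
        in_window = defaultdict(int)   # DST -> hits inside the sliding window
        lo, peak = 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            while (ts - events[lo][0]).total_seconds() > window_s:
                old = events[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            alerts.append({
                "src": src, "dpt": dpt, "distinct_dsts": peak,
                "consecutive_pairs": consecutive_pairs(d for _, d in events),
                "first": events[0][0].strftime("%H:%M:%S"),
                "last": events[-1][0].strftime("%H:%M:%S"),
            })
    return alerts


if __name__ == "__main__":
    for a in find_syn_sweeps(SAMPLE_LOG.splitlines()):
        print(a)
```

Run against a firewall's syslog (the file holding kernel messages, for example /var/log/messages or /var/log/kern.log) and the script reports one alert for 192.0.2.10 on port 2100 with seven distinct targets, five of them consecutive, and nothing for the single SYN to port 22. On the server the poster is asking about, the same parser only helps if an outbound LOG rule exists (an OUTPUT-chain rule with the LOG target), because the lines above were recorded on the victim's side; without such a rule there is nothing local to parse, and the investigation has to start from what is running and listening on the host.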