Security Basics mailing list archives

Dos Attack

From: "Craig Spiers" <craig () concept net nz>
Date: Fri, 12 Mar 2004 13:58:43 +1300

Hi All,

We are a small ISP located in auckland new zealand.. One of our broadband
clients are currently causing our network to to practically be down outside
of new zealand due to the large amount of traffic.

The offender is connected on the following IP Address..
adsl-068-209-154-249.sip.btr.bellsouth.net

Bellsouth.net have failed to respond. 

Our router shows the following floodnet under his control attacking our
network.

I have null-routed the destination address that is being attacked, to avoid
it spreading to the rest of our network.. Any ideas who I can contact above
bellsouth to get a stop put to this ? We are loosing a lot of money, due to
SLA's etc.

Also attached is an IRC log relating to the dos attack..
 
http://www.mystic.net.nz/~deejay/logs.txt
 
Times are in NZDT


SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP
Pkts
Fa3/0         202.143.18.249  Null          218.101.56.150  06 0747 1A0B
1
Fa3/0         4.250.66.98     Null          218.101.56.150  06 0489 1A0B
1
Fa2/0         209.213.143.253 Fa0/0         202.127.8.1     11 0035 0035
1
Fa3/0         24.235.177.240  Null          218.101.56.150  06 03FF 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 9985 1A0B
1
Fa2/0         209.213.143.253 Fa0/0         202.127.8.2     11 0035 0035
2
Fa3/0         213.137.38.156  Null          218.101.56.150  06 06E7 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 9984 1A0B
1
 
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP
Pkts
Fa3/0         208.47.17.5     Null          218.101.56.150  06 9987 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 9986 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 9989 1A0B
1
Fa3/0         142.160.9.208   Null          218.101.56.150  06 0720 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 9988 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 998B 1A0B
1
Fa3/0         13.181.224.189  Null          218.101.56.150  06 06FF 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 998D 1A0B
1
Fa3/0         154.26.185.218  Null          218.101.56.150  06 05A3 1A0B
1
Fa3/0         167.39.210.93   Null          218.101.56.150  06 0790 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 998F 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 998E 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 9990 1A0B
1
Fa3/0         213.43.94.79    Null          218.101.56.150  06 07CD 1A0B
1
Fa3/0         145.220.105.129 Null          218.101.56.150  06 07AF 1A0B
1
Fa3/0         17.105.188.208  Null          218.101.56.150  06 0778 1A0B
1
Fa3/0         141.156.165.82  Null          218.101.56.150  06 07B2 1A0B
1
Fa3/0         159.106.220.123 Null          218.101.56.150  06 043A 1A0B
1
Fa3/0         141.156.165.82  Null          218.101.56.150  06 07B1 1A0B
1
Fa3/0         53.98.122.232   Null          218.101.56.150  06 07AC 1A0B
1
Fa3/0         141.156.165.82  Null          218.101.56.150  06 07B0 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 9999 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 9998 1A0B
1
Fa3/0         14.174.205.107  Null          218.101.56.150  06 07B9 1A0B
1
 
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP
Pkts
Fa3/0         208.47.17.5     Null          218.101.56.150  06 999B 1A0B
1
Fa3/0         46.11.139.18    Null          218.101.56.150  06 03F8 1A0B
1
Fa3/0         141.156.165.82  Null          218.101.56.150  06 07BC 1A0B
1
Fa3/0         46.63.68.148    Null          218.101.56.150  06 0754 1A0B
1
Fa3/0         145.148.49.182  Null          218.101.56.150  06 0413 1A0B
1
Fa3/0         54.53.107.111   Null          218.101.56.150  06 06F6 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 999A 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 999D 1A0B
1
Fa3/0         145.128.107.2   Null          218.101.56.150  06 03F2 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 999C 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 999F 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 999E 1A0B
1
Fa3/0         62.172.30.247   Null          218.101.56.150  06 04B8 1A0B
1
Fa3/0         56.121.111.235  Null          218.101.56.150  06 0515 1A0B
1
Fa3/0         29.115.95.245   Null          218.101.56.150  06 053E 1A0B
1
Fa3/0         151.211.166.39  Null          218.101.56.150  06 055D 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 99A5 1A0B
1
Fa3/0         64.68.92.163    Fa0/0         203.97.44.30    06 E70E 0050
1
Fa3/0         202.56.8.53     Null          218.101.56.150  06 042D 1A0B
1
Fa3/0         199.89.221.135  Null          218.101.56.150  06 0448 1A0B
1
Fa3/0         208.47.17.5     Null          218.101.56.150  06 99A7 1A0B
1
Fa3/0         141.156.165.82  Null          218.101.56.150  06 0781 1A0B
1
Fa3/0         138.62.121.251  Null          218.101.56.150  06 0794 1A0B
1
Fa3/0         205.245.174.135 Null          218.101.56.150  06 0737 1A0B
1



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Re: FW: Legal? Road Runner proactive scanning.[Scanned], (continued)
- - - Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 17)
    - Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 17)
    - Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 18)
    - Re: FW: Legal? Road Runner proactive scanning.[Scanned] Derek Schaible (Mar 18)
    - Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 19)
    - RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 18)
    - Re: FW: Legal? Road Runner proactive scanning.[Scanned] ~Kevin Davis³ (Mar 18)
    - Re: FW: Legal? Road Runner proactive scanning.[Scanned] Phil Brammer (Mar 19)
    - Automatically encrypting and signing to a group of people w/ Outlook 2003? Mark G. Spencer (Mar 19)
- RE: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 12)
- Dos Attack Craig Spiers (Mar 12)
  - Re: Dos Attack Fernando Gont (Mar 15)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Charles Otstot (Mar 12)
  - RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 15)
    - RE: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 16)
    - Re: FW: Legal? Road Runner proactive scanning.[Scanned] Phil Brammer (Mar 17)
    - Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 17)
    - RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 16)
    - Re: FW: Legal? Road Runner proactive scanning.[Scanned] Charles Otstot (Mar 17)
    - RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 17)
    - RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 17)

(Thread continues...)