
new attack

I have gone through the DNS logs and also monitored the server, and found that this is one of the DNS amplification attacks over/through our server. In this weekend's attack, somebody is trying to use our DNS server to flood somebody else. In this case it will be a “denied” packet and it will still go to the flood target, not to mention flooding our syslog messages log and stealing bandwidth from our server.

In order to lock down such an attack I disabled recursion, that is, set allow-recursion to "none;" on the server.
I will see what happens tomorrow.
 
They never stop. Here is a new one, a Port Flood; luckily my scripts caught and banned him/her/it.

Time: Mon Feb 10 19:20:26 2014 -0500
IP: 23.29.118.202 (US/United States/23-29-118-202-customer-incero.com)
Hits: 4
Blocked: Permanent Block

Sample of block hits:
Feb 10 19:20:20 ns1 kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00:24:e8:6b:c7:f8:00:17:df:59:3c:40:08:00 SRC=23.29.118.202 DST=72.233.76.234 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=28535 DF PROTO=TCP SPT=55571 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 10 19:20:20 ns1 kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00:24:e8:6b:c7:f8:00:17:df:59:3c:40:08:00 SRC=23.29.118.202 DST=72.233.76.234 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=28539 DF PROTO=TCP SPT=55572 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 10 19:20:20 ns1 kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00:24:e8:6b:c7:f8:00:17:df:59:3c:40:08:00 SRC=23.29.118.202 DST=72.233.76.234 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=28543 DF PROTO=TCP SPT=55573 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 10 19:20:20 ns1 kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00:24:e8:6b:c7:f8:00:17:df:59:3c:40:08:00 SRC=23.29.118.202 DST=72.233.76.234 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=28546 DF PROTO=TCP SPT=55574 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

same script
Time: Mon Feb 10 19:23:19 2014 -0500
IP: 82.122.153.121 (FR/France/AGrenoble-651-1-449-121.w82-122.abo.wanadoo.fr)
Hits: 4
Blocked: Permanent Block


same script
Time: Mon Feb 10 19:23:45 2014 -0500
IP: 75.142.31.241 (US/United States/75-142-31-241.dhcp.mdfd.or.charter.com)
Hits: 4
Blocked: Permanent Block


same script
Time: Mon Feb 10 19:24:10 2014 -0500
IP: 75.80.243.60 (US/United States/cpe-75-80-243-60.dc.res.rr.com)
Hits: 4
Blocked: Permanent Block
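
Added example (not part of the original posts, and not the poster's blocking script): a small parser for the `*Port Flood*` kernel log lines quoted above that tallies bare SYN packets per source and destination port and flags sources that reach a threshold inside a short window. The function names, the 5-second window and the sample lines are assumptions; the default threshold of 4 only mirrors the "Hits: 4" in the reports.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input in the netfilter log layout quoted in the post.
# Addresses are RFC 5737 documentation ranges; the MAC field is made up.
_T = ("Feb 10 19:20:{sec:02d} ns1 kernel: Firewall: *Port Flood* IN=eth0 OUT= "
      "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC={src} DST=198.51.100.5 "
      "LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=1 DF PROTO=TCP SPT=55571 DPT=80 "
      "WINDOW=8192 RES=0x00 {flags} URGP=0")
SAMPLE_LOG = (
    [_T.format(sec=s, src="192.0.2.10", flags="SYN") for s in (20, 20, 21, 22)]
    + [_T.format(sec=23, src="192.0.2.10", flags="ACK SYN")]  # not a bare SYN
    + [_T.format(sec=s, src="192.0.2.77", flags="SYN") for s in (20, 50)]
    + ["Feb 10 19:20:24 ns1 sshd[411]: unrelated line"]
)

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: "
                     r"Firewall: \*Port Flood\* (.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line, year=2014):
    """Parse one *Port Flood* line, else None. Syslog has no year, so pass it."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    if "SRC" not in fields or "DPT" not in fields:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    flags = TCP_FLAGS & set(m.group(2).split())
    return {"ts": ts, "src": fields["SRC"], "dpt": int(fields["DPT"]), "flags": flags}

def flood_sources(lines, threshold=4, window_s=5):
    """Map (src, dport) -> bare-SYN count where `threshold` hits fit in the window."""
    seen = defaultdict(list)
    for ev in filter(None, map(parse_line, lines)):
        if ev["flags"] == {"SYN"}:
            seen[(ev["src"], ev["dpt"])].append(ev["ts"])
    flagged, span = {}, timedelta(seconds=window_s)
    for key, stamps in seen.items():
        stamps.sort()
        if any(stamps[i + threshold - 1] - stamps[i] <= span
               for i in range(len(stamps) - threshold + 1)):
            flagged[key] = len(stamps)
    return flagged

if __name__ == "__main__":
    print(flood_sources(SAMPLE_LOG))
```

Only the source with four SYNs inside the window is reported; the source with two widely spaced SYNs and the `ACK SYN` packet are not counted toward a block.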
 
No, because it started 4-5 months ago with new tactics. It is a shame my country is doing this to other countries, and they are fighting back, then others got into the fight to prove they can too.
I say enough is enough, it is time to ban all IPs connected with this bull crap.
Go to a new system where we the users have to buy their IP and it is held responsible for their actions.

Attack map (note: move the slider at the bottom to today):
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16114&view=map
 
Glad you're staying frosty as usual, Ron, thanks... but be advised: things are acting "funny" here this day. Have been unable to log out for several minutes, though was immediately able to log out from gmail & other sites during the "lock-up". Software change adjustment/attack/bug? Unsure, but am assuring you it is so. 'Preciate you being on top of things, you're better at it than most, in my estimation.
 
we know about slow, we made it this way.
I would rather have slow ..... to ...... hacked.
 
we know about slow, we made it this way.
I would rather have slow ..... to ...... hacked.

Hey Ron- Whatever you believe will not change truth.
2 minutes of that leeta dealie a-spinnin' whilst continuing to wait to be signed out?


No way, man.


'Tis different today though, see? ...
