Date:      Sat,  7 Feb 2004 01:59:14 -0400
From:      "" <jhernandez@progrexive.com>
To:        "" <freebsd-security@freebsd.org>
Subject:   SYN Attacks - how i cant stop it
Message-ID:  <1076133554.40247eb21c430@webmail.icenetworks.com>
In-Reply-To: <20040206212310.GJ94075@binary.net>
References:  <0FDD52D38220D611B7CC0004763B3744F80821@HNTS-04> <4023AD12.6070106@sitetronics.com> <6.0.0.22.2.20040206104336.0587c5a0@localhost> <20040206151109.S921@cithaeron.argolis.org> <6.0.0.22.2.20040206132723.058bf848@localhost> <20040206212310.GJ94075@binary.net>

How can I stop the SYN and port scanner attacks? I have attacks every night.
Check this.

Feb  6 11:54:24 TCP: port scan detected [port 6667] from 212.165.80.117 [ports
63432,63453,63466,63499,63522,...]
Feb  6 11:58:09 TCP: port scan mode expired for 212.165.80.117 - received a
total of 38 packets (1064 bytes).
Feb  6 12:02:33 ICMP: ping flood mode expired for 65.23.218.180 - received a
total of 562 packets (22480 bytes).
Feb  6 12:09:51 TCP: port scan detected [port 6667] from 200.37.75.236 [ports
3192,3247,3309,3362,3421,...]
Feb  6 12:11:21 TCP: port scan detected [port 6667] from 80.139.185.241 [ports
3114,3514,3960,4360,4795,...]
Feb  6 12:12:17 TCP: port scan mode expired for 200.37.75.236 - received a total
of 27 packets (756 bytes).
Feb  6 12:19:47 TCP: port scan detected [port 6667] from 80.15.16.77 [ports
3048,3471,3819,4259,4648,...]
Feb  6 12:23:58 TCP: port scan detected [port 6667] from 213.6.123.252 [ports
3129,3947,4690,3577,4343,...]
Feb  6 12:25:52 TCP: port scan mode expired for 80.15.16.77 - received a total
of 60 packets (1680 bytes).
Feb  6 12:31:54 TCP: port scan detected [port 6667] from 212.165.80.117 [ports
61345,61356,61370,61386,61408,...]
Feb  6 12:32:04 TCP: port scan detected [port 6667] from 213.6.125.34 [ports
1157,1509,1928,2294,2741,...]
Feb  6 12:33:39 TCP: port scan detected [port 6667] from 200.81.81.174 [ports
4917,4918,4927,4931,4935,...]
Feb  6 12:34:22 TCP: port scan mode expired for 212.165.80.117 - received a
total of 26 packets (728 bytes).
Feb  6 12:34:44 TCP: port scan mode expired for 200.81.81.174 - received a total
of 16 packets (448 bytes).
Feb  6 12:42:00 TCP: port scan mode expired for 213.6.125.34 - received a total
of 93 packets (2604 bytes).
Feb  6 12:44:45 TCP: port scan mode expired for 213.6.123.252 - received a total
of 186 packets (5208 bytes).
Feb  6 12:45:22 TCP: port scan detected [port 6667] from 200.106.106.207 [ports
18072,18091,18113,18157,18172,...]
Feb  6 12:49:16 TCP: port scan detected [port 6667] from 200.49.217.132 [ports
4124,4143,4157,4174,4198,...]
Feb  6 12:53:29 TCP: port scan mode expired for 80.139.185.241 - received a
total of 369 packets (11808 bytes).
Feb  6 13:00:16 TCP: port scan detected [port 9999] from 204.117.88.37 [ports
4568,4571,4572,4573,4574,...]
Feb  6 13:01:29 TCP: port scan mode expired for 204.117.88.37 - received a total
of 352 packets (9856 bytes).
Feb  6 13:01:52 TCP: port scan detected [port 9999] from 204.117.88.43 [ports
4883,4885,4886,4887,4888,...]
Feb  6 13:02:54 TCP: port scan mode expired for 204.117.88.43 - received a total
of 261 packets (7308 bytes).
Feb  6 13:04:56 TCP: port scan mode expired for 200.49.217.132 - received a
total of 125 packets (3500 bytes).
Feb  6 13:16:37 TCP: port scan mode expired for 200.106.106.207 - received a
total of 243 packets (6804 bytes).
Feb  6 13:26:16 TCP: port scan detected [port 6667] from 200.81.85.232 [ports
1077,1078,1080,1081]
Feb  6 13:27:16 TCP: port scan mode expired for 200.81.85.232 - received a total
of 16 packets (448 bytes).
Feb  6 13:28:11 TCP: port scan detected [port 6667] from 80.38.110.228 [ports
1040,1494,1901,2310,2695,...]
Feb  6 13:33:00 TCP: SYN scan mode expired for pD952BE7F.dip.t-dialin.net
(217.82.190.127) - received a total of 1073 packets
Feb  6 13:33:17 TCP: port scan mode expired for
ANancy-106-1-4-183.w81-248.abo.wanadoo.fr (81.248.192.183) - received a total
Feb  6 13:35:33 TCP: port scan mode expired for
host231-253.pool8175.interbusiness.it (81.75.253.231) - received a total of 25
Feb  6 13:44:25 ICMP: ping flood mode expired for 210.92.221.49 - received a
total of 468 packets (30657744 bytes).
Feb  6 13:46:13 TCP: port scan detected [port 6667] from A7b25.a.pppool.de
(213.6.123.37) [ports 3485,3573,3763,4159,4297,...]
Feb  6 13:54:26 TCP: port scan detected [port 6667] from
host231-253.pool8175.interbusiness.it (81.75.253.231) [ports 1070,352
Feb  6 14:35:56 TCP: port scan mode expired for
host231-253.pool8175.interbusiness.it (81.75.253.231) - received a total of 12
Feb  6 14:46:39 TCP: port scan mode expired for
228.Red-80-38-110.pooles.rima-tde.net (80.38.110.228) - received a total of 18
Feb  6 14:50:45 TCP: port scan detected [port 6667] from A7c22.a.pppool.de
(213.6.124.34) [ports 3326,3553,3604,3791,3846,...]
Feb  6 14:56:25 ICMP: ping flood detected from 210.92.221.49

Regards,
Jean
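
Added example (not part of the original message): a triage script for log output in the layout pasted above, which rejoins the wrapped lines and reports which sources probed which port. The regular expressions are inferred from the lines shown; the sample input is constructed and uses documentation-range addresses.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same layout as the log above (documentation-range
# IPs), including the mail client's line wrapping and one truncated entry.
SAMPLE = """\
Feb  6 11:54:24 TCP: port scan detected [port 6667] from 192.0.2.10 [ports
63432,63453,63466,63499,63522,...]
Feb  6 11:58:09 TCP: port scan mode expired for 192.0.2.10 - received a
total of 38 packets (1064 bytes).
Feb  6 12:09:51 TCP: port scan detected [port 6667] from
host1.example.net (198.51.100.7) [ports 3192,3247,...]
Feb  6 12:31:54 TCP: port scan detected [port 6667] from 192.0.2.10 [ports
61345,61356,...]
Feb  6 13:00:16 TCP: port scan detected [port 9999] from 203.0.113.5 [ports
4568,4571,...]
Feb  6 13:01:29 TCP: port scan mode expired for 203.0.113.5 - received a total
of 352 packets (9856 bytes).
Feb  6 13:35:33 TCP: port scan mode expired for
host1.example.net (198.51.100.7) - received a total of 25
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
IP = r"(?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?"  # bare IP or "hostname (IP)"
DETECTED = re.compile(r"port scan detected \[port (\d+)\] from " + IP)
EXPIRED = re.compile(r"mode expired for " + IP + r" - received a total of (\d+) packets")

def unwrap(text):
    """Rejoin wrapped entries: a line without a leading timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Return (sources per probed port, packets per source, expiry entries cut off mid-line)."""
    sources_by_port, packets, truncated = defaultdict(set), Counter(), 0
    for entry in unwrap(text):
        if m := DETECTED.search(entry):
            sources_by_port[int(m.group(1))].add(m.group(2))
        elif m := EXPIRED.search(entry):
            packets[m.group(1)] += int(m.group(2))
        elif "mode expired" in entry:
            truncated += 1  # packet count unreliable: the entry ends before "packets"
    return {p: sorted(s) for p, s in sources_by_port.items()}, dict(packets), truncated
```

Entries that end before the word "packets" are counted as truncated instead of being summed, because the number itself may have been cut.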


