Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 23 Apr 1997 16:56:13 -0700 (PDT)
From:      Josh Gilliam <soil@quick.net>
To:        freebsd-security@freebsd.org
Subject:   SYN flood on 3.0-CURRENT
Message-ID:  <Pine.BSF.3.96.970423164810.1232A-100000@jg.dyn.ml.org>
next in thread | raw e-mail | index | archive | help 

Today I was SYN flooded with random spoofed address. The SYN flood 
protection didn't seem to help much. Several real connections timed out
and new connections couldn't be established. Here is 100 lines of log.

Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 145.92.80.33:12654 207.212.160.213:25 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 161.165.92.55:10202 207.212.160.213:23 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 96.176.190.87:10619 207.212.160.213:25 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 14.52.164.59:32194 207.212.160.213:23 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 93.243.245.39:16278 207.212.160.213:25 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 142.117.224.14:4424 207.212.160.213:23 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 5.202.117.2:24441 207.212.160.213:23 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 167.222.144.96:19554 207.212.160.213:25 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 146.103.220.10:19320 207.212.160.213:23 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 233.181.38.101:9558 207.212.160.213:25 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 88.128.217.126:19723 207.212.160.213:23 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 50.69.168.47:17281 207.212.160.213:25 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 173.167.96.30:31157 207.212.160.213:23 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 111.209.221.60:5215 207.212.160.213:25 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 6.162.16.49:6277 207.212.160.213:23 via tun0
Apr 23 16:37:21 jg /kernel: ipfw: 11 Allow TCP 146.125.202.71:24469 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 11.108.244.5:15263 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 60.64.174.58:20925 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 210.20.33.40:24427 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 78.172.97.43:13339 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 110.195.193.86:6248 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 115.207.132.24:24387 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 201.91.141.67:17795 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 126.99.183.70:4938 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 221.128.146.114:10912 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 99.68.234.109:18282 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 126.172.82.102:19512 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 19.13.34.48:4014 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 179.242.39.84:29110 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: 7.168.201.120:13633 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 146.49.185.48:11189 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 216.179.193.91:8406 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 231.61.241.115:12304 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 161.140.44.123:23974 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 64.231.251.60:16862 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 97.90.128.69:22940 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 255.127.2.96:21239 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 193.246.132.101:26676 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 87.47.155.23:21186 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 67.171.212.22:24293 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 160.32.175.8:12599 207.212.160.213:23 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 225.21.114.124:13208 207.212.160.213:25 via tun0
Apr 23 16:37:22 jg /kernel: ipfw: 11 Allow TCP 150.189.128.4:16268 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 109.4.80.11:21451 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 125.0.200.34:11819 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 35.86.131.122:25840 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 176.54.229.64:4813 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 231.47.183.87:17244 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 128.152.99.86:31170 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 12.23.46.45:18960 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 215.28.22.58:4608 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 2.47.218.23:27951 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 243.242.80.9:15296 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 178.252.27.75:27216 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 151.123.214.116:24225 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 196.109.9.3:21814 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 149.242.32.106:13930 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 99.178.230.34:21888 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 191.222.19.94:28204 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 129.43.106.119:31557 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 146.214.218.98:19931 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 146.108.146.27:16277 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 193.212.140.94:4433 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 130.105.74.113:6316 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 210.170.205.51:14492 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 116.143.155.11:26967 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 20.101.68.72:26901 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 148.140.64.50:10471 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 170.194.136.15:7362 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 192.246.253.81:5318 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 5.168.204.50:4220 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 225.160.116.119:13620 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 118.55.121.26:7392 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 200.201.17.57:2877 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 116.219.213.11:19762 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 16.67.114.120:10218 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 104.109.241.94:9528 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 42.145.56.0:12777 207.212.160.213:25 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 63.222.254.51:12889 207.212.160.213:23 via tun0
Apr 23 16:37:23 jg /kernel: ipfw: 11 Allow TCP 39.237.167.80:12363 207.212.160.213:25 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 237.212.97.3:24782 207.212.160.213:23 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 105.178.66.6:26084 207.212.160.213:25 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 157.180.36.113:15547 207.212.160.213:23 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 125.206.88.77:3092 207.212.160.213:25 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 187.252.250.101:27967 207.212.160.213:23 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 237.186.225.47:8671 207.212.160.213:25 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 215.118.22.46:2344 207.212.160.213:23 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 16.35.186.74:26246 207.212.160.213:25 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 249.113.179.40:9593 207.212.160.213:23 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 83.66.22.38:7212 207.212.160.213:25 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 158.191.76.58:21988 207.212.160.213:23 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 108.192.49.72:13182 207.212.160.213:25 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 80.177.87.107:32398 207.212.160.213:23 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 11.103.75.2:14694 207.212.160.213:25 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 31.75.87.126:1714 207.212.160.213:23 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 95.8.73.19:11278 207.212.160.213:25 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 62.46.188.76:9683 207.212.160.213:23 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 102.127.57.58:3266 207.212.160.213:25 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 237.96.5.36:17904 207.212.160.213:23 via tun0
Apr 23 16:37:24 jg /kernel: ipfw: 11 Allow TCP 102.95.96.60:3398 207.212.160.213:25 via tun0


--
Josh Gilliam
Orange, California, USA
soil@quick.net

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970423164810.1232A-100000>