[Dshield] re: Does anyone recognize what these ip's are trying to do w/ my server?

Chew, Freeland (Roanoke) FChew at ecpi.edu
Tue Jul 24 16:28:37 GMT 2001


I have seen something like this also -- on several occasions from different
IRC servers.  When I contacted the owner of the machines they indicated
that they had been regularly experiencing DOS attacks with packets spoofed
from my subnet and thus their server was naturally responding to where it
thought the packets were coming from.

Buddy Chew

-----Original Message-----
From: Dan Stetser [mailto:dan at pacinternet.com]
Sent: Sunday, July 22, 2001 5:04 PM
To: dshield at dshield.org
Subject: [Dshield] Log ID and Template question...


Does anyone recognize what these ip's are trying to do w/ my server?

Jul 22 09:04:44 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 129.250.240.197:6667 206.126.3.14:62539 L=40 S=0x00 I=19378 F=0x4000 T=54
Jul 22 09:27:35 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 194.47.161.38:6667 206.126.3.14:62711 L=40 S=0x00 I=19059 F=0x4000 T=37
Jul 22 09:12:33 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 195.159.0.91:6667 206.126.3.14:62623 L=40 S=0x00 I=22974 F=0x4000 T=43
Jul 22 09:21:51 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 207.96.122.252:6667 206.126.3.14:62640 L=44 S=0x00 I=65459 F=0x4000 T=43
Jul 22 09:03:13 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 209.116.7.98:6667 206.126.3.14:62537 L=40 S=0x00 I=20764 F=0x4000 T=48
Jul 22 09:37:25 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 65.161.40.142:6667 206.126.3.14:62726 L=48 S=0x00 I=0 F=0x4000 T=45

I'm not involved w/IRC clients or servers so don't know what's causing this 
traffic?

I'm getting fed up w/ the dozen or so IP's that continue this barrage....

Does anyone know of any abuse templates I could tweak to forward
to the RP's involved?

Thanks



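The pattern described in the reply above (servers answering packets that were spoofed from the logged subnet) can be checked for in ipchains logs; this is an added example, not part of either message. The port set, length limit and server threshold are assumptions chosen for illustration, and the last sample entry is constructed.

```python
import re
from collections import defaultdict

# ipchains "Packet log" entry: chain, action, interface, protocol,
# src:port, dst:port and L=<total IP length>. \s+ tolerates mail-wrapped lines.
ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+)"
)

SERVICE_PORTS = {6667}  # assumption: ports counted as "a server answering" (IRC, as in the thread)
MAX_REPLY_LEN = 48      # assumption: header-sized TCP segments (the thread shows L=40..48)
MIN_SERVERS = 3         # assumption: distinct remote servers required before flagging

def parse(text):
    """Yield one dict per log entry, with numeric fields converted to int."""
    for m in ENTRY.finditer(text):
        entry = m.groupdict()
        for key in ("proto", "sport", "dport", "length"):
            entry[key] = int(entry[key])
        yield entry

def backscatter_candidates(text):
    """Map local IP -> sorted remote servers whose packets look like replies to spoofed traffic."""
    servers = defaultdict(set)
    for e in parse(text):
        looks_like_reply = (
            e["proto"] == 6                    # TCP
            and e["sport"] in SERVICE_PORTS    # sent from the service port, not to it
            and e["dport"] > 1023              # aimed at an unprivileged "client" port
            and e["length"] <= MAX_REPLY_LEN   # too small to carry much beyond headers
        )
        if looks_like_reply:
            servers[e["dst"]].add(e["src"])
    return {dst: sorted(s) for dst, s in servers.items() if len(s) >= MIN_SERVERS}

# First four entries are from the thread (the first kept mail-wrapped); the last is constructed.
SAMPLE = """\
Jul 22 09:04:44 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 
129.250.240.197:6667 206.126.3.14:62539 L=40 S=0x00 I=19378 F=0x4000 T=54
Jul 22 09:27:35 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 194.47.161.38:6667 206.126.3.14:62711 L=40 S=0x00 I=19059 F=0x4000 T=37
Jul 22 09:12:33 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 195.159.0.91:6667 206.126.3.14:62623 L=40 S=0x00 I=22974 F=0x4000 T=43
Jul 22 09:21:51 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 207.96.122.252:6667 206.126.3.14:62640 L=44 S=0x00 I=65459 F=0x4000 T=43
Jul 22 09:40:00 pohakea kernel: Packet log: input REJECT eth0 PROTO=6 192.0.2.10:40000 206.126.3.14:80 L=60 S=0x00 I=1 F=0x4000 T=50
"""

if __name__ == "__main__":
    for dst, srcs in backscatter_candidates(SAMPLE).items():
        print(f"{dst}: {len(srcs)} servers replying from service ports: {', '.join(srcs)}")
```

A hit only says the traffic has the shape of replies; confirming spoofing still needs the remote operator's view, as in the reply above.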



