[Dshield] continuing attacks (Angela)

David Stigers Davicrockit at netscape.net
Mon Mar 11 16:35:15 GMT 2002


Folks,
Last week and this morning our network has been under a constant but still denied attack. Below are some of the ports and the IP #s they are coming from. My Firebox is holding for now... We have at least four different attackers, or they are bouncing around everywhere to strike at us. Any info about this would be greatly appreciated. Sorry I have to use my own web email to send this, but our email is down and I think it is due to the hacks. The only ports open are 25 & 80. I hope, as well as my partner Brad Shifflet, that we can keep our service up and going. My email address here at work is dstigers at kaco.org but it is not working now.
Here are the logs...
 
03/11/02 07:57  firewalld[105]:  deny in eth0 647 udp 20 50 205.188.228.33 66.147.xxx.69 8230 6970 (default)
03/11/02 07:57  firewalld[105]:  deny in eth0 638 udp 20 50 205.188.228.33 66.147.xxx.69 8230 6970 (default)
03/11/02 07:57  firewalld[105]:  deny in eth0 638 udp 20 50 205.188.228.33 66.147.xxx.69 8230 6970 (default)
03/11/02 07:57  firewalld[105]:  deny in eth0 638 udp 20 50 205.188.228.33 66.147.xxx.69 8230 6970 (default)
03/11/02 07:57  firewalld[105]:  deny in eth0 638 udp 20 50 205.188.228.33 66.147.xxx.69 8230 6970 (default)


03/11/02 07:58  firewalld[105]:  deny in eth0 503 udp 20 51 209.246.122.135 66.147.xxx.69 11918 6970 (default)
03/11/02 07:58  firewalld[105]:  deny in eth0 503 udp 20 51 209.246.122.135 66.147.xxx.69 11918 6970 (default)
03/11/02 07:58  firewalld[105]:  deny in eth0 503 udp 20 51 209.246.122.135 66.147.xxx.69 11918 6970 (default)
03/11/02 07:58  firewalld[105]:  deny in eth0 503 udp 20 51 209.246.122.135 66.147.xxx.69 11918 6970 (default)
03/11/02 07:58  firewalld[105]:  deny in eth0 503 udp 20 51 209.246.122.135 66.147.xxx.69 11918 6970 (default)
03/11/02 08:07  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.65 66.147.xxx.69 8056 6970 (default)

03/11/02 08:07  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.65 66.147.xxx.69 8056 6970 (default)
03/11/02 08:07  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.65 66.147.xxx.69 8056 6970 (default)
03/11/02 08:07  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.65 66.147.xxx.69 8056 6970 (default)
03/11/02 08:07  firewalld[105]:  deny in eth0 647 udp 20 52 205.188.228.65 66.147.xxx.69 8056 6970 (default)

03/11/02 08:07  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.65 66.147.xxx.69 8056 6970 (default)


03/11/02 08:23  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.17 66.147.xxx.69 30204 6970 (default)
03/11/02 08:23  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.17 66.147.xxx.69 30204 6970 (default)
03/11/02 08:23  firewalld[105]:  deny in eth0 647 udp 20 52 205.188.228.17 66.147.xxx.69 30204 6970 (default)
03/11/02 08:23  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.17 66.147.xxx.69 30204 6970 (default)
03/11/02 08:23  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.17 66.147.xxx.69 30204 6970 (default)
03/11/02 08:23  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.17 66.147.xxx.69 30204 6970 (default)
03/11/02 08:23  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.17 66.147.xxx.69 30204 6970 (default)


03/11/02 08:24  firewalld[105]:  deny in eth0 48 tcp 20 50 10.1.1.68 66.147.xxx.69 80 9897 syn ack (blocked site)
03/11/02 08:26  firewalld[105]:  deny in eth0 48 tcp 20 50 10.1.1.68 66.147.xxx.69 80 9897 syn ack (blocked site)
03/11/02 08:26  firewalld[105]:  deny in eth0 48 tcp 20 50 10.1.1.68 66.147.xxx.69 80 9897 syn ack (blocked site)


03/11/02 09:14  firewalld[105]:  deny in eth0 60 tcp 20 52 64.112.189.41 66.147.xxx.69 1848 113 syn (default)

03/11/02 09:27  firewalld[105]:  deny in eth0 44 tcp 20 52 66.111.75.234 66.147.xxx.69 3688 113 syn (default)
03/11/02 09:27  firewalld[105]:  deny in eth0 44 tcp 20 52 66.111.75.234 66.147.xxx.69 3688 113 syn (default)



03/11/02 10:09  firewalld[105]:  deny in eth0 647 udp 20 52 205.188.228.33 66.147.xxx.69 11282 6970 (default)
03/11/02 10:09  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.33 66.147.xxx.69 11282 6970 (default)
03/11/02 10:09  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.33 66.147.xxx.69 11282 6970 (default)
03/11/02 10:09  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.33 66.147.xxx.69 11282 6970 (default)
03/11/02 10:09  firewalld[105]:  deny in eth0 638 udp 20 52 205.188.228.33 66.147.xxx.69 11282 6970 (default)
03/11/02 10:09  firewalld[105]:  deny in eth0 647 udp 20 52 205.188.228.33 66.147.xxx.69 11282 6970 (default)



03/11/02 07:58  firewalld[105]:  deny in eth0 503 udp 20 51 209.246.122.135 66.147.xxx.69 11918 6970 (default)
03/11/02 10:13  firewalld[105]:  deny in eth0 48 tcp 20 107 212.83.94.147 66.147.xxx.64 4243 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0:0 48 tcp 20 105 212.83.94.147 66.147.xxx.67 4246 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0:1 48 tcp 20 105 212.83.94.147 66.147.xxx.68 4247 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0 48 tcp 20 105 212.83.94.147 66.147.xxx.69 4248 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0:2 48 tcp 20 105 212.83.94.147 66.147.xxx.71 4250 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0 48 tcp 20 107 212.83.94.147 66.147.xxx.64 4243 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0 48 tcp 20 107 212.83.94.147 66.147.xxx.79 4258 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0 48 tcp 20 107 212.83.94.147 66.147.xxx.64 4243 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0 48 tcp 20 107 212.83.94.147 66.147.xxx.79 4258 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0 48 tcp 20 107 212.83.94.147 66.147.xxx.79 4258 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0:0 48 tcp 20 105 212.83.94.147 66.147.xxx.67 4246 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0:1 48 tcp 20 105 212.83.94.147 66.147.xxx.68 4247 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0 48 tcp 20 105 212.83.94.147 66.147.xxx.69 4248 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0:2 48 tcp 20 105 212.83.94.147 66.147.xxx.71 4250 21 syn (FTP)

03/11/02 10:40  firewalld[105]:  deny in eth0 48 tcp 20 110 200.64.100.213 66.147.xxx.79 3938 80 syn (Filtered-HTTP)
03/11/02 10:40  firewalld[105]:  deny in eth0 48 tcp 20 110 200.64.100.213 66.147.xxx.79 3938 80 syn (Filtered-HTTP)
03/11/02 10:40  firewalld[105]:  deny in eth0 48 tcp 20 110 200.64.100.213 66.147.xxx.79 3938 80 syn (Filtered-HTTP)
-- 
---------------------------
Davicrockit 
David E. Stigers 
8946 Owenton Road
Frankfort, KY 40601
502.223.8271
---------------------------
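
An added example (not part of the original post): a small Python triage script that parses deny lines in the format shown in the log above and groups them by source, protocol and destination port, so repeated packets to one host can be told apart from one source trying the same port across several addresses. The field names (packet length, IP header length, TTL) are an assumption read off the layout of the lines; the sample is a few lines copied from the post.

```python
import re
from collections import defaultdict

# Sample: a few deny lines copied from the log in the post, one per pattern.
SAMPLE = """\
03/11/02 07:57  firewalld[105]:  deny in eth0 647 udp 20 50 205.188.228.33 66.147.xxx.69 8230 6970 (default)
03/11/02 07:57  firewalld[105]:  deny in eth0 638 udp 20 50 205.188.228.33 66.147.xxx.69 8230 6970 (default)
03/11/02 08:24  firewalld[105]:  deny in eth0 48 tcp 20 50 10.1.1.68 66.147.xxx.69 80 9897 syn ack (blocked site)
03/11/02 09:14  firewalld[105]:  deny in eth0 60 tcp 20 52 64.112.189.41 66.147.xxx.69 1848 113 syn (default)
03/11/02 10:13  firewalld[105]:  deny in eth0 48 tcp 20 107 212.83.94.147 66.147.xxx.64 4243 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0:0 48 tcp 20 105 212.83.94.147 66.147.xxx.67 4246 21 syn (FTP)
03/11/02 10:13  firewalld[105]:  deny in eth0:1 48 tcp 20 105 212.83.94.147 66.147.xxx.68 4247 21 syn (FTP)
"""

# Field meanings are an assumption inferred from the layout of the lines.
LINE = re.compile(
    r"(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d)\s+firewalld\[\d+\]:\s+"
    r"(?P<action>\w+) (?P<dir>\w+) (?P<iface>\S+) (?P<length>\d+) "
    r"(?P<proto>\w+) (?P<ihl>\d+) (?P<ttl>\d+) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<sport>\d+) (?P<dport>\d+)(?P<flags>(?: [a-z]+)*) \((?P<rule>[^)]*)\)"
)

def parse(text):
    """Return one dict per log line that matches; other lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def summarize(records):
    """Map (src, proto, dport) -> (packets, distinct destinations, kind)."""
    groups = defaultdict(lambda: {"packets": 0, "dsts": set(), "flags": set()})
    for r in records:
        g = groups[(r["src"], r["proto"], int(r["dport"]))]
        g["packets"] += 1
        g["dsts"].add(r["dst"])
        g["flags"].add(r["flags"].strip())
    out = {}
    for key, g in sorted(groups.items()):
        if len(g["dsts"]) > 1:
            kind = "sweep"        # same port tried on several of our addresses
        elif "syn ack" in g["flags"]:
            kind = "reply"        # SYN+ACK is step two of the TCP handshake
        else:
            kind = "single-host"  # repeated packets aimed at one address
        out[key] = (g["packets"], len(g["dsts"]), kind)
    return out

if __name__ == "__main__":
    for key, val in summarize(parse(SAMPLE)).items():
        print(key, val)
```
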


