Gordon Henderson wrote:
> On Thu, 23 Jul 2009, Simon Waters wrote:
>
>> Gordon Henderson wrote:
>>
>>> Seeing very few anonymous attempts right now. Several dictionary attacks
>>> from Belgium... and one site trying to connect as "USER Administrator"
>>> 7000 times in the past week... (From somewhere in Indonesia)
>>
>> Do you not kill such attempts using fail2ban or similar?
>
> Sometimes. Not usually an issue though. Creates yet another log-file to
> look at..
>
> Got more on my plate right now though - someone has decided to DDoS one of
> my servers )-: Almost wiped me out earlier. Took my connection up to
> 60Mb/sec and 100,000 packets/sec )-: It would have been more but my poor
> Linux routers met their match. (more in terms of pps than b/w - they'll
> route 100Mb/sec OK if it's sensible-sized packets!) This was a SYN flood
> attack aimed at just one IP address & port 80.
>
> Fortunately I have an understanding ISP who were clued up enough to be
> able to black-hole the incoming data at their borders for me earlier -
> re-enabled now, but it's still going on...
>
> However, it's dying off now - currently down to about 5Mb/sec. Got a
> capture - 79 unique hosts in 10,000 packets. (if I trust the hosts not to
> be forged!) I'd hate to think what it was at its peak. All those PCs, all
> over the world pumping out data. What a waste... And I know I'd like to
> blame Win PCs, but I've seen DDoS code for Linux (installed on my own
> servers thanks to buggy phpBB!) - there are countless Linux hosts out
> there too, part of zombie networks, just waiting for a command...
>
> Why? Who knows )-: B'stards.

Either you've offended them somehow, they've got the wrong IP or you may be contacted for money to stop it happening again!

Tom te tom te tom

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html