[cobalt-users] Fwd: Re: Massive Attacks
- Subject: [cobalt-users] Fwd: Re: Massive Attacks
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri May 3 13:03:36 2002
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Friday 03 May 2002 11:54 am, Rick wrote:
> Hi,
> My servers are being hit and receiving 2MBPS traffic as shown on MRTG.
> Could you help me with my problem, and how do I fix it?
> I have seen this when I do a tail -f /var/log/messages:
>
> May 3 21:35:59 dom3 proftpd[3199]: 202.126.189.11
> (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - no such user 'bye'
> May 3 21:35:59 dom3 proftpd[3199]: 202.126.189.11
> (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - no such user 'bye'
> May 3 21:40:38 dom3 proftpd[3199]: 202.126.189.11
> (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - FTP login timed out,
> disconnected.
> May 3 21:58:49 dom3 pidof[5146]: can't read sid from /proc/5034/stat
>
> Could 210.24.226.72 be the attacker hitting me?
> Or, how else could I prevent the attack and detect who is hitting me?
edit /etc/hosts.deny [as root]
enter
in.proftpd : adsl72.dyn226.pacific.net.sg
You will still get a bunch of denied messages though...
or
if you have ipchains installed
/sbin/ipchains -A input -s 224.0.0.0/8 -d 0/0 -j DENY
--
Gerald Waugh : Registered Linux user # 255245
http://www.frontstreetnetworks.com
Front Street Networks LLC - ph. 203.785.0699
229 Front Street, Ste. #C, New Haven, CT, United States of America
12:03pm up 42 days, 19:30, 3 users, load average: 1.01, 1.23, 1.31
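
Added example, not part of the original message: a way to answer "who is hitting me" from the proftpd lines quoted above by counting failed logins per client address and printing /etc/hosts.deny entries in the in.proftpd form used in the reply. It assumes the bracketed address inside the parentheses is the client, that each record is on one line as in /var/log/messages, and it denies by address instead of hostname; the 192.0.2.10 record, the function names and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Sample records: the first three and the last are the lines quoted in the
# message (unwrapped); the 192.0.2.10 record is constructed for the example.
SAMPLE = """\
May 3 21:35:59 dom3 proftpd[3199]: 202.126.189.11 (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - no such user 'bye'
May 3 21:35:59 dom3 proftpd[3199]: 202.126.189.11 (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - no such user 'bye'
May 3 21:40:38 dom3 proftpd[3199]: 202.126.189.11 (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - FTP login timed out, disconnected.
May 3 21:41:02 dom3 proftpd[3301]: 202.126.189.11 (host.example.net[192.0.2.10]) - no such user 'test'
May 3 21:58:49 dom3 pidof[5146]: can't read sid from /proc/5034/stat
"""

# proftpd[pid]: <first address> (<client hostname>[<client address>]) - <message>
RECORD = re.compile(
    r"proftpd\[\d+\]: \S+ \(([^\[\s]+)\[(\d{1,3}(?:\.\d{1,3}){3})\]\) - (.*)$"
)

# Message fragments counted as a failed login. Only the one seen in the
# quoted log is listed; extend it with whatever your own logs show.
FAILURE_MARKERS = ("no such user",)


def failed_logins(log_text):
    """Return a Counter of failed proftpd logins keyed by client address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = RECORD.search(line)
        if not match:
            continue  # not a proftpd record (e.g. the pidof line)
        _hostname, address, message = match.groups()
        if any(marker in message for marker in FAILURE_MARKERS):
            counts[address] += 1
    return counts


def hosts_deny_lines(counts, threshold=2):
    """Build hosts.deny entries for addresses at or above the threshold."""
    return [
        f"in.proftpd : {address}"
        for address, hits in counts.most_common()
        if hits >= threshold
    ]


if __name__ == "__main__":
    tally = failed_logins(SAMPLE)
    for address, hits in tally.most_common():
        print(f"{hits:4d} failed logins from {address}")
    print("\n".join(hosts_deny_lines(tally)))
```

To run it against a live system, pass the contents of /var/log/messages to failed_logins() in place of SAMPLE and review the output before adding anything to /etc/hosts.deny.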