[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] DoS attack???
- Subject: [cobalt-users] DoS attack???
- From: "Mike's List" <mikelist@xxxxxxx>
- Date: Sat Jan 11 21:01:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
I'm getting a lot of the below, looks like someone is going through
all the domains and IPs on my cobalt (via www) --is this normal or
someone is scanning my ports or DoS attack my web server?
I have place the IP in /etc/hosts.deny --ALL: 216.127.82.97 but stills
see more connections when I'm doing netstat...any clues/ideas?
- Mike
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 domain.com:www 216.127.82.97:42900 SYN_RECV
tcp 0 0 domain.com:www 216.127.82.97:52339 SYN_RECV
tcp 0 0 domain.com:www 216.127.82.97:6732 SYN_RECV
tcp 0 0 domain.com:www 216.127.82.97:41460 SYN_RECV
tcp 0 0 x.x.x.x:www 216.127.82.97:49470 SYN_RECV
tcp 0 0 domain.com:www 216.127.82.97:62601 SYN_RECV
tcp 0 0 domain.com:www 216.127.82.97:47879 SYN_RECV
tcp 0 0 domain.com:www 216.127.82.97:62873 SYN_RECV
tcp 0 0 domain.com:www 216.127.82.97:234 SYN_RECV
tcp 0 0 domain.com:www 216.127.82.97:38978 SYN_RECV