[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] DoS attack???
- Subject: Re: [cobalt-users] DoS attack???
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Sun Jan 12 00:32:00 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
ML> Date: Sat, 11 Jan 2003 22:57:28 -0600 (CST)
ML> From: Mike's List
ML> I'm getting a lot of the below, looks like someone is going through
ML> all the domains and IPs on my cobalt (via www) --is this normal or
ML> someone is scanning my ports or DoS attack my web server?
Sounds like a portscan. How many PPS are you seeing? If it's a
high number, it could be a SYN flood, but I'd be more inclined to
believe a portscan.
ML> I have place the IP in /etc/hosts.deny --ALL: 216.127.82.97 but stills
ML> see more connections when I'm doing netstat...any clues/ideas?
Conspiracy theory:
216.127.82.97 = Everyone's Internet ~= RackShack
I wonder if a RackShack customer is warscanning for websites,
perhaps to cull email addresses for a spamming run. It happens.
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.