[nsp-sec] 80/tcp synflood to 203.202.1.63
Scott A. McIntyre
scott at howyagoin.net
Tue Mar 13 23:25:43 EDT 2012
Hi all,
203.202.1.63 is currently feeling a 30K/second SYN flood to 80/tcp and would appreciate some eyes looking for sources, C&C, etc. Below is a tiny snippet from the logs, and NOT representative of the total number of unique sources (working on that) but if anyone has any intel or ability to offer assistance it would be sincerely appreciated.
I'm not the destination here, I'm just helping some friends out. The attack began on 14 March 0800+1100.
Thanks for any assistance, as always!
Scott A. McIntyre
Telstra