
Re: [LUG] OT: Anonymous FTP access from China

 

Gordon Henderson wrote:
> On Thu, 23 Jul 2009, Simon Waters wrote:
>
>   
>> Gordon Henderson wrote:
>>     
>>> Seeing very few anonymous attempts right now. Several dictionary attacks
>>> from Belgium... and one site trying to connect as "USER Administrator"
>>> 7000 times in the past week... (From somewhere in Indonesia)
>>>       
>> Do you not kill such attempts using fail2ban or similar?
>>     
>
> Sometimes. Not usually an issue though. Creates yet another log-file to 
> look at..
>
> Got more on my plate right now though - someone has decided to DDoS one of 
> my servers )-: Almost wiped me out earlier. Took my connection up to 
> 60Mb/sec and 100,000 packets/sec )-: It would have been more but my poor 
> Linux routers met their match. (more in terms of pps than b/w - they'll 
> route 100Mb/sec OK if it's sensible sized packets!) This was a SYN flood 
> attack aimed at just one IP address & port 80.
>
> Fortunately I have an understanding ISP who were clued up enough to be 
> able to black-hole the incoming data at their borders for me earlier - 
> re-enabled now, but it's still going on...
>
> However, it's dying off now - currently down to about 5Mb/sec. Got a 
> capture - 79 unique hosts in 10,000 packets. (if I trust the hosts not to 
> be forged!) I'd hate to think what it was at its peak. All those PCs, all 
> over the world pumping out data. What a waste... And I know I'd like to 
> blame Win PCs, but I've seen DDoS code for Linux (installed on my own 
> servers thanks to buggy phpBB!) - there are countless Linux hosts out 
> there too, part of zombie networks, just waiting for a command...
>
> Why? Who knows )-: B'stards.
>   
Either you've offended them somehow, they've got the wrong IP or you may 
be contacted for money to stop it happening again!
Tom te tom te tom


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
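
The capture triage described in the thread (counting unique source hosts among SYNs aimed at one address and port 80, and looking at packets per second rather than bandwidth) can be done over tcpdump text output. This is an added example, not part of the original thread: the function names and sample lines are constructed, and it assumes `tcpdump -nn -tt` line formatting.

```python
import re
from collections import Counter

# One line of `tcpdump -nn -tt` text output: time, src ip.port > dst ip.port, TCP flags.
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def summarize_syn_flood(lines, min_syns=5):
    """Group bare SYNs by destination ip:port; report volume, rate and sources."""
    targets = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["flags"] != "S":  # "S." is SYN+ACK, "." is ACK: skip both
            continue
        key = f'{m["dst"]}:{m["dport"]}'
        t = targets.setdefault(key, {"times": [], "sources": Counter()})
        t["times"].append(float(m["ts"]))
        t["sources"][m["src"]] += 1
    report = []
    for target, t in targets.items():
        syns = len(t["times"])
        if syns < min_syns:  # a handful of SYNs is ordinary connection setup
            continue
        span = max(t["times"]) - min(t["times"])
        report.append({
            "target": target,
            "syns": syns,
            "pps": syns / span if span > 0 else None,
            # Source addresses in a SYN flood can be forged, so this count
            # may not reflect real hosts and is not a reliable block list.
            "unique_sources": len(t["sources"]),
            "top_sources": t["sources"].most_common(3),
        })
    return sorted(report, key=lambda r: r["syns"], reverse=True)

def constructed_capture():
    """Constructed sample lines (documentation addresses), not a real capture."""
    lines = [
        f"{1000 + i * 0.001:.6f} IP 198.51.100.{1 + i % 4}.{40000 + i} > "
        f"192.0.2.10.80: Flags [S], seq {i}, win 5840, length 0"
        for i in range(12)
    ]
    lines.append("1000.020000 IP 192.0.2.10.80 > 198.51.100.1.40000: "
                 "Flags [S.], seq 1, ack 1, win 5792, length 0")
    lines.append("1000.030000 IP 203.0.113.9.51000 > 192.0.2.10.22: "
                 "Flags [S], seq 9, win 5840, length 0")
    return lines

if __name__ == "__main__":
    for row in summarize_syn_flood(constructed_capture()):
        print(row)
```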