
Date:  Thu, 21 Sep 2006 20:17:49 -0500
From:  Larry Smith <lesmith (at mark) ecsis.net>
Subject:  [coba-e:07197] Re: Today's Kiddie Attack
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200609212017.50652.lesmith (at mark) ecsis.net>
In-Reply-To:  <006101c6dde1$16a6fb60$6400a8c0@YOUR4105E587B6>
References:  <006101c6dde1$16a6fb60$6400a8c0@YOUR4105E587B6>
X-Mail-Count: 07197

On Thursday 21 September 2006 19:50, Darrell D. Mobley wrote:
> The changes I have made to the SYN cookies seem to be helping, but it would
> sure be interesting to drop a 20 megaton bomb on these people:
>
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address               Foreign Address
> State       User       Inode      PID/Program name
> tcp        0      0 216.130.248.52:80           192.168.1.4:2911
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2845
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2885
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2894
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2902
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2907
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.3:2928
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2832
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2889
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2905
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2829
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2883
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2909
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2849
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.3:2930
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2814
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2884
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2819
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.3:2914
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2891
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.3:2922
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2908
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2903
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2868
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2810
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2906
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2872
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2888
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2893
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2825
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2887
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2904
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2812
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2833
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2871
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2910
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2847
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2837
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.3:2918
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2892
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.3:2925
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2890
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2848
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2830
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2875
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.3:2920
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2876
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2874
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2839
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2817
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2886
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2870
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.3:2926
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2901
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2823
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.3:2916
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2835
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2912
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2821
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2873
> SYN_RECV    0          0          -

Interesting, appears you are blocking your own private network.....
216.130.248.52 is your server, and anything 192.168.X.Y is "private" network 
and not routable on the public internet, so it must be "inside" your network.

-- 
Larry Smith
SysAd ECSIS.NET
sysad (at mark) ecsis.net
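
Added example, not part of the original message: a small Python triage script that tallies half-open (SYN_RECV) connections per source address from netstat output and marks whether each source falls in RFC 1918 private space, which is the check the reply above makes by eye. The function names are illustrative; the first four SAMPLE records are copied from the quoted output, and the last two (documentation-range addresses) are constructed.

```python
import ipaddress
import re
from collections import Counter

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Strip mail quote markers first so a record wrapped onto two lines still matches.
QUOTE = re.compile(r"^[ \t]*>[ \t]?", re.M)
# IPv4 tcp records only: local ip:port, foreign ip:port, state.
RECORD = re.compile(r"\btcp\s+\d+\s+\d+\s+(\d+(?:\.\d+){3}):(\d+)"
                    r"\s+(\d+(?:\.\d+){3}):(\d+)\s+([A-Z_0-9]+)")

def half_open_by_source(netstat_text):
    """Count SYN_RECV entries per foreign address."""
    counts = Counter()
    for _lip, _lport, rip, _rport, state in RECORD.findall(QUOTE.sub("", netstat_text)):
        if state == "SYN_RECV":
            counts[rip] += 1
    return counts

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def report(netstat_text):
    """(source, half-open count, scope) tuples, busiest source first."""
    return [(ip, n, "private (RFC 1918)" if is_rfc1918(ip) else "public")
            for ip, n in half_open_by_source(netstat_text).most_common()]

SAMPLE = """\
> tcp        0      0 216.130.248.52:80           192.168.1.4:2911
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2845
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.3:2928
> SYN_RECV    0          0          -
> tcp        0      0 216.130.248.52:80           192.168.1.4:2832
> SYN_RECV    0          0          -
tcp        0      0 216.130.248.52:80           198.51.100.7:51514          SYN_RECV    0          0          -
tcp        0      0 216.130.248.52:80           203.0.113.10:40112          ESTABLISHED 0          0          -
"""

if __name__ == "__main__":
    for ip, n, scope in report(SAMPLE):
        print(f"{ip:<16} {n:>4}  {scope}")
```

A private source on a public-facing listener usually points at a NAT, proxy, or load balancer in front of the server, or at hosts on the local LAN, so the tally is a starting point for finding where the traffic enters rather than a block list.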