[Nlnog] Urgent: Administrative issue enclosed, please read. (fwd)

Frans ter Borg frans at quanza.net
Wed Jul 23 19:11:29 UTC 2003


Hi,

Does anyone have an idea which tool is spitting out the mails below?

Since today I have been receiving them, in exactly the same template, from
all sides. A traceroute to the host mentioned results, a few seconds later,
in even more of that junk.

The defaults do seem to be set awfully tight.

Regards,

Frans

---------- Forwarded message ----------
Date: Wed, 23 Jul 2003 11:44:11 -0700
From: root <root at home.insomniaserver.com>
To: frans at quanza.net
Subject: Urgent: Administrative issue enclosed, please read.

To whom it may concern;

The remote system 212.129.200.59 was logged attacking our host 69.1.84.176,
this is an automated warning based on admin contacts from the arin.net whois
database. Please do not ignore this message!

212.129.200.59 was found to have exceeded acceptable inbound packet flow,
we have as such banned the remote host from our network. However to remove the
stress from our carrier provider's network, we require your assistance to
further investigate this issue and see that it does not occur again.

Enclosed below are log portions detailing the attack on our host, all time
stamps are GMT -0700.

Event logs:
Jul 23 11:43:39 home kernel: ** UDP DROP ** IN=eth0 OUT= MAC=00:20:ed:76:47:8b:00:b0:4a:6a:c9:80:08:00 SRC=212.129.200.59 DST=69.1.84.176 LEN=40 TOS=0x00 PREC=0x00 TTL=1 ID=58077 PROTO=UDP SPT=58034 DPT=33477 LEN=20
Jul 23 11:43:44 home kernel: ** UDP DROP ** IN=eth0 OUT= MAC=00:20:ed:76:47:8b:00:b0:4a:6a:c9:80:08:00 SRC=212.129.200.59 DST=69.1.84.176 LEN=40 TOS=0x00 PREC=0x00 TTL=1 ID=58078 PROTO=UDP SPT=58034 DPT=33478 LEN=20
Jul 23 11:43:49 home kernel: ** UDP DROP ** IN=eth0 OUT= MAC=00:20:ed:76:47:8b:00:b0:4a:6a:c9:80:08:00 SRC=212.129.200.59 DST=69.1.84.176 LEN=40 TOS=0x00 PREC=0x00 TTL=1 ID=58079 PROTO=UDP SPT=58034 DPT=33479 LEN=20
Jul 23 11:43:54 home kernel: ** UDP DROP ** IN=eth0 OUT= MAC=00:20:ed:76:47:8b:00:b0:4a:6a:c9:80:08:00 SRC=212.129.200.59 DST=69.1.84.176 LEN=40 TOS=0x00 PREC=0x00 TTL=2 ID=58080 PROTO=UDP SPT=58034 DPT=33480 LEN=20
Jul 23 11:43:59 home kernel: ** UDP DROP ** IN=eth0 OUT= MAC=00:20:ed:76:47:8b:00:b0:4a:6a:c9:80:08:00 SRC=212.129.200.59 DST=69.1.84.176 LEN=40 TOS=0x00 PREC=0x00 TTL=2 ID=58081 PROTO=UDP SPT=58034 DPT=33481 LEN=20

- Administrative team, ExpertPAD
<admin at insomniaserver.com>
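
The log portions in the forwarded report show a single UDP flow with a fixed source port, destination ports stepping by one from 33477, and TTL values of 1 and 2, which is the pattern classic UDP traceroute probes produce. As an added example (not part of the original mail or of the tool that generated it), here is one way a reporting script could recognise that pattern before mailing an abuse contact; the sample lines, the port ceiling and the TTL threshold are assumptions constructed for illustration.

```python
import re

TRACEROUTE_BASE_PORT = 33434   # default first destination port of classic UDP traceroute
TRACEROUTE_MAX_PORT = 33534    # assumed ceiling (base + 100 probes); tune per site
FIELD_RE = re.compile(r"\b(SRC|DST|TTL|PROTO|SPT|DPT)=(\S+)")

# Constructed samples in the same kernel LOG format as the forwarded report
# (documentation addresses, not the hosts named in the mail).
PROBES = """\
Jul 23 11:43:39 home kernel: ** UDP DROP ** IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.20 LEN=40 TTL=1 ID=58077 PROTO=UDP SPT=58034 DPT=33477 LEN=20
Jul 23 11:43:44 home kernel: ** UDP DROP ** IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.20 LEN=40 TTL=1 ID=58078 PROTO=UDP SPT=58034 DPT=33478 LEN=20
Jul 23 11:43:49 home kernel: ** UDP DROP ** IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.20 LEN=40 TTL=1 ID=58079 PROTO=UDP SPT=58034 DPT=33479 LEN=20
Jul 23 11:43:54 home kernel: ** UDP DROP ** IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.20 LEN=40 TTL=2 ID=58080 PROTO=UDP SPT=58034 DPT=33480 LEN=20
"""
FLOOD = """\
Jul 23 12:00:01 home kernel: ** UDP DROP ** IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.20 LEN=540 TTL=52 ID=101 PROTO=UDP SPT=4000 DPT=53 LEN=520
Jul 23 12:00:01 home kernel: ** UDP DROP ** IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.20 LEN=540 TTL=52 ID=102 PROTO=UDP SPT=4000 DPT=53 LEN=520
Jul 23 12:00:01 home kernel: ** UDP DROP ** IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.20 LEN=540 TTL=52 ID=103 PROTO=UDP SPT=4000 DPT=53 LEN=520
"""

def parse(line):
    """Return (src, dst, ttl, sport, dport) for a logged UDP packet, else None."""
    f = dict(FIELD_RE.findall(line))
    if f.get("PROTO") != "UDP" or not {"SRC", "DST", "TTL", "SPT", "DPT"} <= f.keys():
        return None
    return f["SRC"], f["DST"], int(f["TTL"]), int(f["SPT"]), int(f["DPT"])

def looks_like_traceroute(lines, max_ttl=5):
    """True when the dropped packets match the UDP traceroute probe pattern.

    max_ttl is an assumed threshold for the TTL remaining on arrival: probes
    that overshoot the target by a few hops arrive with very small TTLs.
    """
    pkts = [p for p in map(parse, lines) if p]
    if len(pkts) < 3:
        return False
    one_flow = len({(src, dst, sport) for src, dst, _, sport, _ in pkts}) == 1
    ttls = [p[2] for p in pkts]
    ports = [p[4] for p in pkts]
    ports_step = all(b - a == 1 for a, b in zip(ports, ports[1:]))
    in_range = all(TRACEROUTE_BASE_PORT <= p <= TRACEROUTE_MAX_PORT for p in ports)
    ttl_ramp = ttls == sorted(ttls) and max(ttls) <= max_ttl
    return one_flow and ports_step and in_range and ttl_ramp

if __name__ == "__main__":
    for name, sample in (("probes", PROBES), ("flood", FLOOD)):
        print(name, "-> traceroute" if looks_like_traceroute(sample.splitlines()) else "-> report")
```
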