Am I part of an interesting attack? / 2015-03-05

2015-03-05 Am I part of an interesting attack? 6 years ago
Noticable traffic:
13:06:15.787470 IP (tos 0x0, ttl 110, id 27178, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x48c7 (correct), 2310054019:2310054019(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.188187 IP (tos 0x0, ttl 92, id 14152, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x2c3a (correct), 1627317698:1627317698(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.588698 IP (tos 0x0, ttl 96, id 64188, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x6e9f (correct), 249296256:249296256(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.989469 IP (tos 0x0, ttl 97, id 54770, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0xa3fc (correct), 3532061815:3532061815(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:17.390192 IP (tos 0x0, ttl 92, id 5400, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0xaae9 (correct), 1786797457:1786797457(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:17.792734 IP (tos 0x0, ttl 81, id 42621, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x925d (correct), 3619031271:3619031271(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:18.193910 IP (tos 0x0, ttl 81, id 6384, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x5712 (correct), 841083335:841083335(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
The variation in ttl values suggests a distributed denial of service attack trying to make me part of it.

Tags: , ,

IPv6 check

Running test...
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

RSS
Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: newsitem.cgi,v 1.54 2020/12/31 15:36:31 koos Exp $ in 0.024257 seconds.