Attacks trying to make me attack another site / 2016-11-02

I noted some weirdness:
tcp        0      0 xx.xx.xx.xx:http    141.138.130.37:http     SYN_RECV   
Variation on the earlier "Don't try to use my system to attack another". I viewed the traffic with p0f and noticed there isn't variation in the sources now:
95.131.186.32:80 - UNKNOWN [8192:59:1:40:.:.:?:?]
  -> xx.xx.xx.xx:80 (link: unspecified)
95.131.186.32:80 - UNKNOWN [8192:59:1:40:.:.:?:?]
  -> xx.xx.xx.xx:80 (link: unspecified)
141.138.130.37:80 - UNKNOWN [8192:51:1:40:.:.:?:?]
  -> xx.xx.xx.xx:80 (link: unspecified)
141.138.130.37:80 - UNKNOWN [8192:39:1:40:.:.:?:?]
  -> xx.xx.xx.xx:80 (link: unspecified)
141.138.130.37:80 - UNKNOWN [8192:39:1:40:.:.:?:?]
  -> xx.xx.xx.xx:80 (link: unspecified)
95.131.186.32:80 - UNKNOWN [8192:67:1:40:.:.:?:?]
  -> xx.xx.xx.xx:80 (link: unspecified)
95.131.186.32:80 - UNKNOWN [8192:43:1:40:.:.:?:?]
  -> xx.xx.xx.xx:80 (link: unspecified)
All trying to make my system take part in an attack on 141.138.130.37 and 95.131.186.32, both part of "William Hill Organization" on Gibraltar.

The rules saying that I want to limit the number of outgoing TCP SYN/ACK packets to one IP are working. Of course the real source of the attack is some network that does not implement BCP38 source address filtering.
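An added example, not part of the original post: a small Python script that parses p0f output in the format shown above and groups the SYNs by claimed source, flagging sources whose SYNs all come from a privileged source port and arrive with several different TTL values. The sample lines are constructed (with 192.0.2.10 standing in for the masked address), and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the p0f output format shown above; 192.0.2.10 is a
# documentation address standing in for the masked xx.xx.xx.xx.
SAMPLE = """\
95.131.186.32:80 - UNKNOWN [8192:59:1:40:.:.:?:?]
  -> 192.0.2.10:80 (link: unspecified)
141.138.130.37:80 - UNKNOWN [8192:51:1:40:.:.:?:?]
  -> 192.0.2.10:80 (link: unspecified)
141.138.130.37:80 - UNKNOWN [8192:39:1:40:.:.:?:?]
  -> 192.0.2.10:80 (link: unspecified)
95.131.186.32:80 - UNKNOWN [8192:67:1:40:.:.:?:?]
  -> 192.0.2.10:80 (link: unspecified)
198.51.100.7:51514 - UNKNOWN [29200:52:1:60:M1460,S,T,N,W7:.:?:?]
  -> 192.0.2.10:80 (link: unspecified)
"""

# First line of a p0f record: source ip:port, then the signature, whose first
# four fields are window size, TTL, DF flag and packet size.
RECORD = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+):(\d+) - .*\[([^:\]]+):(\d+):(\d):(\d+):")

def summarize(text):
    """Group SYNs by claimed source: count, source ports and TTLs seen."""
    stats = defaultdict(lambda: {"count": 0, "ports": set(), "ttls": set()})
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # "-> dst" continuation lines and anything unparsable
        ip, port, _wss, ttl, _df, _size = m.groups()
        entry = stats[ip]
        entry["count"] += 1
        entry["ports"].add(int(port))
        entry["ttls"].add(int(ttl))
    return dict(stats)

def likely_spoofed(stats, min_ttls=2):
    """Claimed sources whose SYNs all use a privileged source port (<1024)
    and show several different TTLs. Both thresholds are assumptions."""
    return sorted(ip for ip, s in stats.items()
                  if max(s["ports"]) < 1024 and len(s["ttls"]) >= min_ttls)

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip in likely_spoofed(stats):
        print(ip, stats[ip]["count"], sorted(stats[ip]["ttls"]))
```

A real client rarely opens a connection from source port 80, and one host normally reaches you with a stable TTL, so both conditions together are a heuristic for forged source addresses rather than proof.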


Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 2C66 3B5D F0D7 C263.