
discuss - Re: [opennic-discuss] Traffic Flood

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Waqas Ashraf <waqas281 AT gmail.com>
  • To: "discuss AT lists.opennicproject.org" <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] Traffic Flood
  • Date: Sun, 14 Jul 2013 20:29:33 -0500

That's what I thought at first, that it was just a scan, but it lasted for 1 hour 47 minutes, which is when I blocked the IP address after looking it up, figuring it was a DDoS. I took the IPSec rule down for about 10 mins after 2 hours of blocking; the traffic was gone.

Sent from my iPhone

On Jul 14, 2013, at 7:42 PM, Guillaume Parent <gparent AT gparent.org> wrote:

It could also be an internet scan, but yes, you're right that there's probably a few children on the mailing list who just read it for DDoS purposes.


On Sun, Jul 14, 2013 at 5:41 PM, waqas <waqas281 AT gmail.com> wrote:
Sadly there are no more details on the traffic; for anonymity purposes I had set the logging to minimal, so I'd know when there was a flood from one certain IP.
Also, I'm using Windows Server 2012, so I don't know how I could possibly implement the iptables rules.
I used IPsec to block the traffic and so far it's been working pretty good; I haven't seen any more traffic from that IP address.
I looked up the IP address and it's some gaming chat server, odd for such a server to be sending so much traffic, especially since the server says it's offline.
Also, another observation I made: I never posted my server address on the T2 list on the OpenNIC site, I only posted it in here. So how this person got my server address seems pretty logical: he's in here reading these emails LOL.


On Sun, Jul 14, 2013 at 4:10 PM, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
The log entry doesn't seem to give much detail about what is going on.
Do you know if this is directed at DNS queries or something else?  If
it's DNS, can you post an example of the query or packet so we can see
what is being sent?

Also, have you implemented any of the suggestions on the wiki security page?
http://wiki.opennicproject.org/Tier2Security


On 07/14/2013 10:56 AM, waqas wrote:
> Is anyone else experiencing this? I've been getting this traffic for
> the last hour and a half and I finally blocked it, thinking it's definitely
> malicious.
> 7/14/2013 11:28:00 AM 04C4 PACKET  0000001950D53E80 UDP Snd
> 109.163.238.75  9768 R Q [8083  TDR  NOERROR] ALL
> (1)d(10)directedat(4)asia(0)
>



--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
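
As an added example (not part of the original thread or of any OpenNIC tooling): a parser for Windows DNS debug-log PACKET lines of the kind quoted above, which decodes the length-prefixed question name and counts responses sent for ALL (ANY) questions per remote IP and name. The function names, the threshold of 3 and every sample line after the first are assumptions made for the illustration.

```python
import re
from collections import Counter

# One PACKET line of a Windows DNS debug log, laid out like the entry quoted above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M)\s+\S+\s+PACKET\s+\S+\s+(?P<proto>UDP|TCP)\s+"
    r"(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+(?P<xid>[0-9a-fA-F]{4})\s+(?P<resp>R)?\s*"
    r"(?P<opcode>\S)\s+\[(?P<hex>[0-9a-fA-F]{4})\s+(?P<flags>[A-Z ]*?)\s+"
    r"(?P<rcode>[A-Z]+)\]\s+(?P<qtype>\S+)\s+(?P<qname>\(.*\))\s*$")
LABEL_RE = re.compile(r"\((\d+)\)([^()]*)")

def decode_name(encoded):
    """Decode the length-prefixed form, e.g. '(3)www(7)example(0)' -> 'www.example'."""
    labels = []
    for length, text in LABEL_RE.findall(encoded):
        if int(length) != len(text):
            raise ValueError(f"label length mismatch in {encoded!r}")
        if text:
            labels.append(text)
    return ".".join(labels) or "."

def parse_line(line):
    """Return the fields of a PACKET line as a dict, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["flags"] = rec["flags"].replace(" ", "")
    rec["qname"] = decode_name(rec["qname"])
    return rec

def flag_any_floods(lines, threshold=3):
    """Count responses sent for ALL questions per (remote IP, name); threshold is assumed."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["dir"] == "Snd" and rec["resp"] and rec["qtype"] == "ALL":
            hits[(rec["ip"], rec["qname"])] += 1
    # On UDP the remote address can be spoofed, so a flagged IP may be the
    # reflection target rather than the real sender.
    return {key: n for key, n in hits.items() if n >= threshold}

# First line: the entry from the thread (wrapped quote joined). The rest are constructed.
SAMPLE = [
    "7/14/2013 11:28:00 AM 04C4 PACKET  0000001950D53E80 UDP Snd 109.163.238.75  9768 R Q [8083  TDR  NOERROR] ALL (1)d(10)directedat(4)asia(0)",
    "7/14/2013 11:28:00 AM 04C4 PACKET  0000001950D53E81 UDP Snd 109.163.238.75  9769 R Q [8083  TDR  NOERROR] ALL (1)d(10)directedat(4)asia(0)",
    "7/14/2013 11:28:01 AM 04C4 PACKET  0000001950D53E82 UDP Snd 109.163.238.75  976a R Q [8083  TDR  NOERROR] ALL (1)d(10)directedat(4)asia(0)",
    "7/14/2013 11:28:02 AM 04C4 PACKET  0000001950D53E83 UDP Rcv 192.0.2.10  1a2b   Q [0001   D   NOERROR] A (3)www(7)example(3)org(0)",
]
```

Run over a real debug log, `flag_any_floods(open(path))` returns only the (IP, name) pairs at or above the threshold, which is enough to decide what to block or rate-limit without raising the logging level.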




