Hi all
We notice a heavy DoS attack of TCP SYN packets to port 80 since yesterday 22:02 CEST directed against (random?) targets using a spoofed src ip from Munich (don't call the owner, call your upstream ISP and ask for proper filtering!). Lots of webservers and companies are affected. Some statistics can be found here:
http://www.dshield.org/ipinfo.html?ip=212.224.127.14 http://stats.fp6-noah.org/top.php
With kind regards Goetz von Escher
On 11.04.2008 15:16, Erich Hohermuth wrote:
Hello
We also have a few customers complaining about connection troubles, most of them have a Zywal. After some netflow debugging we see many port 80 syn connections which seems the cause of the troubles.
If someone needs a dump file, just send me a mail.
Kind Regards Erich
Am Freitag, den 11.04.2008, 14:27 +0200 schrieb Olivier Mueller:
Hello,
Still trying to reach the swisscom/bluewin support since 10 minutes (and the robot keeps telling me "voraussichtliche warte zeit: 4-5 minuten" all the time), so I guess it quicker if I ask here as well.
It's a simple problem: I manage a few intranet boxes (mail/webproxy) connected to the net via standard bluewin adsl lines. Everything was fine the last years until today. Remote access via ssh (NAT on the router).
Since today: no way to connect any of the hosts (about 5) : ports for ssh and http seems to be closed, while some of the IP are still pingable.
Maybe somebody around knows about this thing? For example: maybe they activated a firewall this night on all customers lines to prevent virus/worms problems? (I don't have a bluewin line myself, so it's hard to debug remotely) .
Regards & a nice Weekend/Sechseläuten to you, Olivier
PS: in the mean time, the hotline answered and they know nothing about that, but they are going to check internally and call back later...
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog