AW: [Spam] Re: [swinog] fw change on bluewin adsl accounts today?

-- Mike Kellenberger mike.kellenberger@escapenet.ch Escapenet - the Web Company Tel +41 52 235 0700 http://www.escapenet.ch Skype mikek70atwork -----Ursprüngliche Nachricht----- Von: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von Mike Kellenberger Gesendet: Freitag, 11. April 2008 16:08 An: swinog@swinog.ch Betreff: AW: [Spam] Re: [swinog] fw change on bluewin adsl accounts today? Yep, same here... http://service.escapenet.ch/mrtg/escfwconn.html Could someone at Init7 filter these for us? Thanks! Regards, Mike -- Mike Kellenberger mike.kellenberger@escapenet.ch Escapenet - the Web Company Tel +41 52 235 0700 http://www.escapenet.ch Skype mikek70atwork -----Ursprüngliche Nachricht----- Von: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von Goetz von Escher Gesendet: Freitag, 11. April 2008 15:56 An: swinog@swinog.ch Betreff: [Spam] Re: [swinog] fw change on bluewin adsl accounts today? Hi all We notice a heavy DoS attack of TCP SYN packets to port 80 since yesterday 22:02 CEST directed against (random?) targets using a spoofed src ip from Munich (don't call the owner, call your upstream ISP and ask for proper filtering!). Lots of webservers and companies are affected. Some statistics can be found here: http://www.dshield.org/ipinfo.html?ip=212.224.127.14 http://stats.fp6-noah.org/top.php With kind regards Goetz von Escher On 11.04.2008 15:16, Erich Hohermuth wrote: > Hello > > We also have a few customers complaining about connection troubles, > most of them have a Zywal. After some netflow debugging we see many > port 80 syn connections which seems the cause of the troubles. > > If someone needs a dump file, just send me a mail. > > Kind Regards > Erich > > Am Freitag, den 11.04.2008, 14:27 +0200 schrieb Olivier Mueller: >> Hello, >> >> Still trying to reach the swisscom/bluewin support since 10 minutes >> (and the robot keeps telling me "voraussichtliche warte zeit: 4-5 minuten" >> all the time), so I guess it quicker if I ask here as well. >> >> It's a simple problem: I manage a few intranet boxes (mail/webproxy) >> connected to the net via standard bluewin adsl lines. Everything was >> fine the last years until today. Remote access via ssh (NAT on the >> router). >> >> Since today: no way to connect any of the hosts (about 5) : ports >> for ssh and http seems to be closed, while some of the IP are still >> pingable. >> >> Maybe somebody around knows about this thing? For example: maybe >> they activated a firewall this night on all customers lines to prevent >> virus/worms problems? (I don't have a bluewin line myself, so it's >> hard to debug remotely) . >> >> Regards & a nice Weekend/Sechseläuten to you, Olivier >> >> PS: in the mean time, the hotline answered and they know nothing >> about that, but they are going to check internally and call back later... >> >> _______________________________________________ >> swinog mailing list >> swinog@lists.swinog.ch >> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog