
Thread: DOS from certain ip's

  1. #1
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683

    DOS from certain ip's

    Denial of service attack Firewall protection 08/17/08 23:38:31 Blocked Source IP address: 196.207.32.69
    Denial of service attack Firewall protection 08/17/08 23:38:26 Blocked Source IP address: 196.207.32.83

    Hi there

    A client of mine keeps getting this DOS attack from the above two IPs.

    How do I find out more? I can ping both and run traceroutes. How do I find out more from where it is coming and what app is doing this?

    Thanks in advance.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    What are the source and destination ports?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hey there SD

    I don't know exactly what the ports are. This was a log generated by the AV software.

    I can pm you the full report if you wish. Where do I find out what the source port is and destination port?

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    It should be in that report. If it's not in there then it's utterly useless. Which, unfortunately, is quite common with this type of "security" software.

  5. #5
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Ok, well, it doesn't show you.

    If it did, what would that tell us, the app?

  6. #6
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hey SD. I just looked at our corporate products and see that they show the source and target port.

    Um, which security suite can tell you this? I would like this as my personal one so I can see exactly.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    I have no idea, I don't use any virus scanner and/or firewall on my Windows machines..

    But, since it seems it always comes from these 2 IP addresses, you could set up Wireshark. Just capture only the traffic to/from these hosts.

    A filter like "(host 1.2.3.4 or host 4.3.2.1)" should do the trick.
    Last edited by SirDice; August 18th, 2008 at 04:23 PM.

  8. #8
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    "If it did, what would that tell us, the app"
    Knowing the source and destination ports can help isolate what service and/or application is being targeted or used. In many instances (not all), an application/service will use specific ports to communicate.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    The ZoneAlarm free personal firewall gives that information. Is there a different log in your product? Like maybe only available interactively?
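
The capture suggested in post #7 and the port reasoning from post #8, as an added example that is not part of the original thread: it tallies which destination ports the two logged source addresses are hitting. It assumes the capture was saved as `tcpdump -nn` style text; the sample lines, the 192.0.2.10 stand-in for the client's machine and all port numbers are constructed.

```python
import re
import socket
from collections import Counter

# Source addresses from the firewall log quoted in the first post.
WATCHED = {"196.207.32.69", "196.207.32.83"}

# Constructed sample of `tcpdump -nn` text output; 192.0.2.10 stands in for
# the client's machine and every port number here is made up.
SAMPLE = """\
23:38:26.101 IP 196.207.32.83.40112 > 192.0.2.10.445: Flags [S], seq 1, win 8192, length 0
23:38:26.102 IP 196.207.32.83.40113 > 192.0.2.10.445: Flags [S], seq 2, win 8192, length 0
23:38:26.350 IP 192.0.2.10.445 > 196.207.32.83.40112: Flags [R.], seq 0, ack 2, win 0, length 0
23:38:31.007 IP 196.207.32.69.1026 > 192.0.2.10.53: UDP, length 48
23:38:31.900 IP 198.51.100.7.55000 > 192.0.2.10.80: Flags [S], seq 9, win 8192, length 0
"""

# "<time> IP <src-ip>.<src-port> > <dst-ip>.<dst-port>: <details>"
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

def service_name(port, proto):
    """Best-effort lookup in the local services database."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return "unknown"

def summarize(text, watched=WATCHED):
    """Count inbound packets per (source IP, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["src"] not in watched:
            continue  # unparsed line, reply traffic, or an unrelated host
        # Simplification: anything tcpdump does not label "UDP" is treated as TCP.
        proto = "udp" if m["rest"].startswith("UDP") else "tcp"
        counts[(m["src"], proto, int(m["dport"]))] += 1
    return counts

if __name__ == "__main__":
    for (src, proto, dport), n in summarize(SAMPLE).most_common():
        print(f"{src} -> {proto}/{dport} ({service_name(dport, proto)}): {n} packet(s)")
```

A port that maps to a well-known service name only suggests the target; as post #8 notes, not every application sticks to a fixed port.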
