-
August 18th, 2008, 02:56 PM
#1
DOS from certain ip's
Denial of service attack Firewall protection 08/17/08 23:38:31 Blocked Source IP address: 196.207.32.69
Denial of service attack Firewall protection 08/17/08 23:38:26 Blocked Source IP address: 196.207.32.83
Hi there
A client of mine keeps getting this DOS attack from the above two ip's.
How do I find out more? I can ping both and run traceroutes. How do I find out more from where it is comming and what app is doing this?
Thanks in advance.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
August 18th, 2008, 03:03 PM
#2
What are the source and destination ports?
Oliver's Law:
Experience is something you don't get until just after you need it.
-
August 18th, 2008, 03:11 PM
#3
Hey there SD
I dont know exactly what the ports are. This was a log generated by the AV software.
I can pm you the full report if you wish. Where do I find out what the source port is and destination port?
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
August 18th, 2008, 03:14 PM
#4
It should be in that report. If it's not in there then it's utterly useless. Which, unfortunately, is quite common with this type of "security" software
Oliver's Law:
Experience is something you don't get until just after you need it.
-
August 18th, 2008, 03:54 PM
#5
Ok well it doesnt show you.
If it did , what would that tell us, the app?
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
August 18th, 2008, 03:58 PM
#6
Hey SD. I jsut looked at our corporate products and see that they show the source and target port.
Um whihc security suite can tell you this, I would like this as my personal one so I can see exactly.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
August 18th, 2008, 04:21 PM
#7
I have no idea, I don't use any virusscanner and/or firewall on my windows machines..
But, since it seems it always comes from these 2 ip addresses, you could setup Wireshark. Just capture only the traffic to/from these hosts.
A filter like "(host 1.2.3.4 or host 4.3.2.1)" should do the trick.
Last edited by SirDice; August 18th, 2008 at 04:23 PM.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
August 18th, 2008, 04:28 PM
#8
If it did , what would that tell us, the app
Knowing the source and destination ports can help isolate what service and/or application is being targeted or used. In many instances (not all), an application/service will use specific ports to communicate.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
August 18th, 2008, 10:40 PM
#9
The ZoneAlarm free personal firewall gives that information. Is there a different log in your product? like maybe only available interactively?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|