Linux-Noob Forums
DDOS - Printable Version

+- Linux-Noob Forums (https://www.linux-noob.com/forums)
+-- Forum: Linux Server Administration (https://www.linux-noob.com/forums/forum-8.html)
+--- Forum: Security and Firewalls (https://www.linux-noob.com/forums/forum-87.html)
+--- Thread: DDOS (/thread-3278.html)



DDOS - anyweb - 2004-06-27


hi guys, as discussed... here is some info about a DDOS that was carried out on me last night.

what is the best way for me to troubleshoot this? suggestions welcome

cheers

anyweb


Quote:
Date: 06/27 02:15:05  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  192.192.232.185:31745 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:15:21  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.236.121.190:40705 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:15:21  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.236.121.190:40705 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:15:27  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.61:16384 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:15:27  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.61:16384 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:15:37  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.254:12288 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:15:37  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.254:12288 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:15:45  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  217.144.216.40:15619 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:15:45  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  217.144.216.40:15619 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:15:50  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.187:34307 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:15:50  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.187:34307 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:15:56  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.236.121.217:55555 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:15:56  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.236.121.217:55555 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:16:20  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  61.106.67.1:53249 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:16:20  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  61.106.67.1:53249 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:16:25  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  192.192.232.207:33026 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:16:25  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  192.192.232.207:33026 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:16:26  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  192.192.232.115:9472 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:16:26  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  192.192.232.115:9472 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:16:31  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.234.239.196:13315 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:16:31  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.234.239.196:13315 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:16:41  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.26.130.177:64256 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:16:41  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.26.130.177:64256 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:16:51  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.235.172.39:18435 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:16:51  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.235.172.39:18435 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:17:04  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.235.172.216:19712 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:17:04  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.235.172.216:19712 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:17:18  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.223.109.100:1847 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:17:18  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.223.109.100:1847 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:17:29  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.238.63.18:65024 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:17:29  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.238.63.18:65024 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:17:35  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.236.121.75:47360 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:17:35  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.236.121.75:47360 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:17:40  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  221.142.16.133:55043 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:17:40  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  221.142.16.133:55043 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:17:48  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.220:32771 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:17:48  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.220:32771 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:17:49  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.234.239.30:13826 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:17:49  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.234.239.30:13826 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:17:49  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.223.109.100:2881 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:17:49  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.223.109.100:2881 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:18:18  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.138:28163 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:18:18  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.138:28163 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:18:22  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.22:21763 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:18:22  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.22:21763 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:18:39  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.125:64768 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:18:39  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.125:64768 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:18:45  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  192.192.232.224:38144 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:18:45  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  192.192.232.224:38144 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:18:53  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  192.192.232.138:51458 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:18:53  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  192.192.232.138:51458 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:18:57  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.18:59393 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:18:57  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.18:59393 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:18:58  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.223.109.100:1677 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:18:58  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.223.109.100:1677 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:18:59  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  61.106.67.39:32514 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:18:59  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  61.106.67.39:32514 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:19:01  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.83:7683 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:19:01  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.83:7683 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:19:19  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.113:10498 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:19:19  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.113:10498 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:19:25  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.238.63.1:53249 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:19:25  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.238.63.1:53249 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:19:31  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.235.172.248:256 -> 81.225.169.198:162

References: 1 2 3 4

Date: 06/27 02:19:45  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.233.157.209:5633 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:19:45  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.233.157.209:5633 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:19:53  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  200.69.246.117:1624 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:19:53  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  200.69.246.117:1624 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:20:00  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  192.192.232.56:24577 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:20:00  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  192.192.232.56:24577 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:20:14  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.201:38914 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:20:14  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.201:38914 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:20:30  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.1:19200 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:20:30  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.1:19200 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:21:10  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  221.142.16.188:1 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:21:10  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  221.142.16.188:1 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:21:21  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.26.195.250:1213 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:21:21  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.26.195.250:1213 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:21:31  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.14:35329 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:21:31  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.14:35329 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:21:40  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.233.157.242:46080 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:21:40  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.233.157.242:46080 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:21:52  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.147:43266 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:21:52  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.147:43266 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:22:16  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.233.157.116:61955 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:22:16  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.233.157.116:61955 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:22:19  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.222:37889 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:22:19  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.222:37889 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:22:26  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.235.172.105:13057 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:22:26  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.235.172.105:13057 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:22:29  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.238.63.208:2 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:22:29  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.238.63.208:2 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:22:33  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.223.109.100:1597 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:22:33  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.223.109.100:1597 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:23:07  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  192.192.232.127:56323 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:23:07  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  192.192.232.127:56323 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:23:27  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.235.172.21:38659 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:23:27  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.235.172.21:38659 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:23:30  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.235.172.122:51203 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:23:30  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.235.172.122:51203 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:23:44  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.115.49.63:54785 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:23:44  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.115.49.63:54785 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:23:54  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  221.142.16.234:6912 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:23:54  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  221.142.16.234:6912 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:24:14  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.6:22785 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:24:14  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.6:22785 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:24:26  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.223.109.100:2332 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:24:26  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.223.109.100:2332 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:24:36  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  61.238.61.137:36610 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:24:36  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  61.238.61.137:36610 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:24:55  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.147:48130 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:24:55  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.147:48130 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:25:00  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.79:45057 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:25:00  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.79:45057 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:25:03  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.115.49.186:36611 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:25:03  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.115.49.186:36611 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:25:11  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  221.142.16.209:20482 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:25:11  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  221.142.16.209:20482 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:25:43  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.238.62.199:4610 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:25:43  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  218.238.62.199:4610 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:25:43  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.104:21504 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:25:43  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.104:21504 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:25:53  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  221.142.16.230:1027 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:25:53  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  221.142.16.230:1027 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:26:09  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.11:46849 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:26:09  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.11:46849 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:26:26  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.13:59648 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:26:26  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  210.115.54.13:59648 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:26:28  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  210.223.109.100:2941 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:26:28  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  210.223.109.100:2941 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:26:48  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.160:32003 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:26:48  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  218.233.157.160:32003 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:26:51  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.223.109.100:2057 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:26:51  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.223.109.100:2057 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:26:52  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  221.142.16.211:18433 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:26:52  Name: BAD TRAFFIC udp port 0 traffic

Priority: 3  Type: Misc activity

IP info:  221.142.16.211:18433 -> 81.225.169.198:0

References: 1 2

Date: 06/27 02:27:02  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.160:13056 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:27:02  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.160:13056 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:27:11  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.115.49.229:2049 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:27:11  Name: EXPLOIT ntpdx overflow attempt

Priority: 1  Type: Attempted Administrator Privilege Gain

IP info:  210.115.49.229:2049 -> 81.225.169.198:123

References: 1 2

Date: 06/27 02:27:22  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.30:41474 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:27:22  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.30:41474 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:27:31  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.141:3 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:27:31  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.141:3 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:27:38  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.37:59650 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:27:38  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.37:59650 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:27:40  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.207:33792 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:27:40  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.207:33792 -> 81.225.169.198:161

References: 1 2

Date: 06/27 02:28:05  Name: SNMP trap udp

Priority: 2  Type: Attempted Information Leak

IP info:  192.192.232.53:34048 -> 81.225.169.198:162

References: 1 2

Date: 06/27 02:28:28  Name: SNMP request udp

Priority: 2  Type: Attempted Information Leak

IP info:  218.233.157.103:23297 -> 81.225.169.198:161

References: 1 2

and


Quote:
Jun 27 01:58:06 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=81.155.226.246 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=17987 DF PROTO=TCP SPT=3193 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0

Jun 27 01:58:08 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=200.28.42.193 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=55294 DF PROTO=TCP SPT=1863 DPT=17300 WINDOW=65535 RES=0x00 SYN URGP=0

Jun 27 01:58:09 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=81.155.226.246 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=18448 DF PROTO=TCP SPT=3193 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0

Jun 27 01:58:15 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=81.155.226.246 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=19366 DF PROTO=TCP SPT=3193 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0

Jun 27 01:58:26 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=200.104.67.26 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=49 ID=44912 DF PROTO=TCP SPT=3019 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0

Jun 27 01:58:27 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=62.39.227.222 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=48633 DF PROTO=TCP SPT=3325 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0

Jun 27 01:58:31 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=81.225.201.65 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=58437 DF PROTO=TCP SPT=2232 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0

Jun 27 01:58:34 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=81.225.201.65 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=58525 DF PROTO=TCP SPT=2232 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0

Jun 27 01:58:53 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=64.251.148.212 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=57668 DF PROTO=TCP SPT=1254 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0

Jun 27 01:58:56 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=64.251.148.212 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=58242 DF PROTO=TCP SPT=1254 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0

Jun 27 01:59:00 smoothwall CROND[31916]: (nobody) CMD (/usr/local/bin/stayup.pl >/dev/null)

Jun 27 01:59:02 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=64.251.148.212 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=59441 DF PROTO=TCP SPT=1254 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0

Jun 27 01:59:20 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=195.198.194.172 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=64772 DF PROTO=TCP SPT=3307 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0

Jun 27 01:59:23 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=195.198.194.172 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=65412 DF PROTO=TCP SPT=3307 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0

Jun 27 01:59:29 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=195.198.194.172 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=1078 DF PROTO=TCP SPT=3307 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0

Jun 27 01:59:33 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=63.191.201.48 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=36049 DF PROTO=TCP SPT=4094 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0

Jun 27 01:59:37 smoothwall kernel: IN=eth1 OUT= MAC=00:06:5b:32:13:9f:00:02:3b:01:dd:64:08:00 SRC=63.191.201.48 DST=81.225.169.198 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=36378 DF PROTO=TCP SPT=4094 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0




DDOS - Ritter - 2004-06-27


This does look like an attack, but it just doesn't look like a very good one. Did this actually cause any loss of service? Or maybe just some packet loss..

 

I build all my own firewalls, and hosting BNCs for high-profile peeps has caused serious 'testing' to occur, so I've evolved and adapted my firewall to sustain some serious attacks without issue. These logs just don't even seem to compare.

 

Have you considered running an IDS like Prelude?

 

--

Ritter




DDOS - z0ny - 2004-06-27


There is nothing you can do; a firewall may even amplify the attack, as your kernel has to cope with the thousands of packets penetrating your external interface. Only your uplink provider is able to do something (null routes, packet filters, ...). You should contact local authorities. Damn kiddies...

 

z0ny




DDOS - anyweb - 2004-06-27


thanks...

 

Any way that I can trace back to the source?

 

I have all the logs (60 or so MB of logs... yeah 60 Megabytes...)

 

cheers

 

anyweb
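Sixty megabytes of Smoothwall kernel log is too much to read by eye, but the question of what can be learned from it is worth scripting. The following is an added example, not code from this thread or from Smoothwall: it parses standard netfilter LOG lines (SRC= DST= LEN= ID= PROTO= DPT= pairs after the syslog prefix), separates the one-source-at-a-time SYN probes from seconds in which many sources arrive at once, and checks whether the flood packets all share one IP ID and length, which is what makes the SRC field useless for tracing. The sample lines use RFC 5737 documentation addresses and are constructed, not copied from the original logs.

```python
"""Triage of netfilter LOG lines (added example, not code from the thread).

Assumes the standard iptables LOG target format: a syslog prefix, "kernel:",
then key=value pairs such as SRC= DST= LEN= ID= PROTO= SPT= DPT=. The sample
below is constructed in that format with RFC 5737 addresses; it is not a copy
of the thread's logs.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: three SMB/RPC SYN probes (the kind of background worm
# noise that runs all night) followed by an eleven-packet burst of large UDP
# packets from eleven different sources, all with ID=256 (MAC= field omitted).
SAMPLE_LOG = """\
Jun 27 02:00:09 smoothwall kernel: IN=eth1 OUT= SRC=198.51.100.10 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=15595 DF PROTO=TCP SPT=4590 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 27 02:00:12 smoothwall kernel: IN=eth1 OUT= SRC=198.51.100.10 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=16622 DF PROTO=TCP SPT=4590 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 27 02:00:27 smoothwall kernel: IN=eth1 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=55616 DF PROTO=TCP SPT=4329 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 27 02:09:51 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.96 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=115 ID=256 PROTO=UDP SPT=17921 DPT=132 LEN=1032
Jun 27 02:09:51 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.41 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=110 ID=256 PROTO=UDP SPT=47104 DPT=17 LEN=1032
Jun 27 02:09:51 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.44 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=116 ID=256 PROTO=UDP SPT=51968 DPT=349 LEN=1032
Jun 27 02:09:51 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.76 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=110 ID=256 PROTO=UDP SPT=57346 DPT=427 LEN=1032
Jun 27 02:09:51 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.2 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=113 ID=256 PROTO=UDP SPT=1026 DPT=17 LEN=1032
Jun 27 02:09:51 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.27 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=114 ID=256 PROTO=UDP SPT=61765 DPT=17 LEN=1032
Jun 27 02:09:52 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.187 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=108 ID=256 PROTO=UDP SPT=17410 DPT=889 LEN=1032
Jun 27 02:09:52 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.190 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=108 ID=256 PROTO=UDP SPT=55042 DPT=667 LEN=1032
Jun 27 02:09:52 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.83 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=108 ID=256 PROTO=UDP SPT=16897 DPT=420 LEN=1032
Jun 27 02:09:52 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.143 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=108 ID=256 PROTO=UDP SPT=15362 DPT=236 LEN=1032
Jun 27 02:09:52 smoothwall kernel: IN=eth1 OUT= SRC=192.0.2.229 DST=203.0.113.5 LEN=1052 TOS=0x00 PREC=0x00 TTL=114 ID=256 PROTO=UDP SPT=1026 DPT=349 LEN=1032
Jun 27 02:10:00 smoothwall CROND[32018]: (nobody) CMD (/usr/local/bin/stayup.pl >/dev/null)
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<body>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Parse one netfilter LOG line into a dict; return None for cron and other noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts")}
    for key, val in KV_RE.findall(m.group("body")):
        rec.setdefault(key, val)  # first LEN= is the IP total length, not the UDP one
    return rec if "SRC" in rec and "PROTO" in rec else None


def port_profile(records):
    """Packets per (PROTO, DPT); the 445/135 SYN counts are the worm background."""
    return Counter((r["PROTO"], r.get("DPT", "-")) for r in records)


def burst_seconds(records, min_sources=5):
    """Seconds in which at least min_sources distinct SRC addresses arrived.

    The background probes come one source at a time, seconds apart, so they
    never trip this; a flood from many hosts (or spoofed addresses) does."""
    per_second = defaultdict(set)
    for r in records:
        per_second[r["ts"]].add(r["SRC"])
    return {ts: sorted(s) for ts, s in per_second.items() if len(s) >= min_sources}


def triage(text, min_sources=5):
    """Split a log into background noise and flood, and summarise the flood.

    'uniform_signature' is set when every flood packet carries the same PROTO,
    IP ID and IP length. Real IP stacks vary the ID per packet, so one ID shared
    by packets from many supposedly different hosts points to a single
    generating tool, and the SRC addresses cannot be trusted as the origin."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    bursts = burst_seconds(records, min_sources)
    flood = [r for r in records if r["ts"] in bursts]
    background = [r for r in records if r["ts"] not in bursts]
    sigs = Counter((r["PROTO"], r.get("ID"), r.get("LEN")) for r in flood)
    uniform = sigs.most_common(1)[0][0] if flood and len(sigs) == 1 else None
    return {
        "packets": len(records),
        "background_ports": port_profile(background),
        "burst_seconds": bursts,
        "flood_packets": len(flood),
        "flood_sources": len({r["SRC"] for r in flood}),
        "uniform_signature": uniform,
    }


if __name__ == "__main__":
    # For a real log: triage(open("/path/to/kernel/log").read())  (path is a placeholder)
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Raise `min_sources` for a busy link; the point is the ratio of distinct sources per second in the flood window to the rate outside it, not the absolute threshold.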




DDOS - z0ny - 2004-06-27


I don't think you have any chance at all, as I am guessing that the attacking IPs are bots in a large net. You would have to hack one bot and log anything there. :)

 

z0ny