• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Getting slammed by some Asian network

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Computer Forensics and Incident Response

View previous topic :: View next topic  
Author Message
snootalope
Just Arrived
Just Arrived


Joined: 14 Jan 2003
Posts: 4
Location: IA _ USA

Offline

PostPosted: Thu Aug 09, 2007 8:28 pm    Post subject: Getting slammed by some Asian network Reply with quote

Ok, our network has just been getting flooded with http requests from some APNIC controlled network.

I've tried sending abuse reports to every email address I can find that whois.net returns, but nothing seems to be stopping this.

Of course I've got the IP's blocked but just the incoming requests are enough to slow down our internet pipe and it's starting to take it's tole one our websites performance.

I've contact our ISP but they say they don't block upstream traffic.

What the heck can I do?!?

The IP's that are flooding us are:

122.152.181.154
and
122.152.181.164

Anybody got any recommendations? This is really starting to P'ss me off!!!! I'm about ready to start calling the phone numbers listed by whois and rip into these people!!
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
The_Real_Gandalf
Trusted SF Member
Trusted SF Member


Joined: 14 Apr 2004
Posts: 0
Location: Athens,Greece

Offline

PostPosted: Tue Sep 25, 2007 10:22 am    Post subject: Reply with quote

Your response to the attack (possibly your scan) raised a flag that the network on this IP is "Alive" and you got listed in an attacking/scanning bot , possibly.

The easiest way to get rid of them , is to set your Router or Firewall to drop ICMP requests (echo off) which will turn your IP as "non-active" in your ISP's subnet.

So if this bot is scanning a subnet range , your IP will remain hidden and all attempts to connect/scan it, will be dropped from the other side.

If it remains there , then another thing you can do is to ask your ISP to change IP (if it is a static one).

Gandalf
Back to top
View user's profile Send private message Visit poster's website AIM Address
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Computer Forensics and Incident Response All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register