[NTLUG:Discuss] who is this 24.14.77.8
Richard Geoffrion
richard at rain.lewisville.tx.us
Fri Jun 8 02:46:31 CDT 2001
Hey! Go read this and see if this explains the port 666 stuff !!!
http://grc.com/dos/grcdos.htm
[snip]
...The Attack Profile
We know what the malicious packets were, and we will soon see (below)
exactly how they were generated. But we haven't yet seen where they all came
from. During the seventeen hours of the first attack (we were subsequently
subjected to several more attacks) we captured 16.1 gigabytes of packet log
data. After selecting UDP packets aimed at port 666 . . . I determined that
we had been attacked by 474 Windows PC's. This was a classic "Distributed"
Denial of Service (DDoS) attack...
[/snip]
oh and by the way...this report gave me the willies! I shudder to think of
Win2000 and WinXP in the homes of millions of absolutely clueless internet
users. Shouldn't there be a law to prevent Microsoft from doing this?
Shouldn't there be a law to prevent stupid people from having internet
access? Yeah..like an internet driver's license! hmm..probably wouldn't
fly...
But I digress...read the article and be very afraid...very, VERY afraid.
----- Original Message -----
From: "m m" <llliiilll at hotmail.com>
To: <discuss at ntlug.org>
Sent: Friday, June 08, 2001 3:24 AM
Subject: [NTLUG:Discuss] who is this 24.14.77.8
> Hi all:
> I got this guy trying to hack me for more than weeks, does anyone know
> this guy.
> I checked with whois at arin.net, it says it belongs to at&t @ home.
> I wonder if it is them that are monitoring their customers
>
> here is a part of the log file:
> ----------------------------------------------------------------------
> Jun 7 14:01:39 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 14:01:39 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 14:03:00 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 14:03:00 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 14:41:53 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 14:41:53 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 14:43:14 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 14:43:14 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 14:43:30 c1432455-a named[542]: Cleaned cache of 1 RRset
> Jun 7 14:43:31 c1432455-a named[542]: USAGE 991943011 991539811 CPU=1.09u/0.23s CHILDCPU=0u/0s
> Jun 7 14:43:31 c1432455-a named[542]: NSTATS 991943011 991539811 A=93 PTR=963 MX=4 TXT=4 ANY=4
> Jun 7 14:43:31 c1432455-a named[542]: XSTATS 991943011 991539811 RR=174 RNXD=17 RFwdR=80 RDupR=12 RFail=23 RFErr=0 RErr=0 RAXFR=0 RLame=5 ROpts=0 SSysQ=49 SAns=69 SFwdQ=341 SDupQ=4392 SErr=7 RQ=1068 RIQ=3 RFwdQ=0 RDupQ=663 RTCP=0 SFwdR=80 SFail=0 SFErr=0 SNaAns=63 SNXD=28
> Jun 7 15:29:18 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 15:29:18 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 15:30:39 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 15:30:39 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 15:43:30 c1432455-a named[542]: Cleaned cache of 1 RRset
> Jun 7 15:43:31 c1432455-a named[542]: USAGE 991946611 991539811 CPU=1.09u/0.23s CHILDCPU=0u/0s
> Jun 7 15:43:31 c1432455-a named[542]: NSTATS 991946611 991539811 A=93 PTR=971 MX=4 TXT=4 ANY=4
> Jun 7 15:43:31 c1432455-a named[542]: XSTATS 991946611 991539811 RR=174 RNXD=17 RFwdR=80 RDupR=12 RFail=23 RFErr=0 RErr=0 RAXFR=0 RLame=5 ROpts=0 SSysQ=49 SAns=69 SFwdQ=343 SDupQ=4427 SErr=7 RQ=1076 RIQ=3 RFwdQ=0 RDupQ=669 RTCP=0 SFwdR=80 SFail=0 SFErr=0 SNaAns=63 SNXD=28
> Jun 7 15:57:44 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 15:57:44 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 15:59:05 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 15:59:05 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 16:06:59 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 16:06:59 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 16:08:20 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 16:08:20 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 16:11:06 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 16:11:06 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 16:12:27 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 16:12:27 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 16:27:11 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 16:27:11 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 16:28:32 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 16:28:32 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 16:39:26 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 16:39:26 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 16:40:48 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 16:40:48 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 16:42:48 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 16:42:48 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> ...
> Jun 7 20:28:35 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 20:28:35 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
> Jun 7 20:29:56 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
> Jun 7 20:29:56 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
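Added example (not part of the original thread): a small parser for the portsentry lines quoted above. In a syslog line the bracketed number after the program name is the process ID, and the probed port is the value after "port:"; UDP port 68 is the DHCP client port (bootpc). The sample input is constructed from three entries of the quoted log, and the regular expressions are assumptions based only on the line shapes visible on this page.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the quoted log, one syslog record per line.
SAMPLE_LOG = """\
Jun 7 14:01:39 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
Jun 7 14:01:39 c1432455-a portsentry[666]: attackalert: Host: 24.14.77.8/24.14.77.8 is already blocked Ignoring
Jun 7 14:03:00 c1432455-a portsentry[666]: attackalert: UDP scan from host: 24.14.77.8/24.14.77.8 to UDP port: 68
Jun 7 14:43:30 c1432455-a named[542]: Cleaned cache of 1 RRset
"""

# syslog prefix: timestamp, hostname, program[pid]: message
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Body of a portsentry alert that names the probed port.
SCAN = re.compile(
    r"attackalert: .+? from host: (?P<name>\S+)/(?P<ip>\S+) "
    r"to (?P<proto>TCP|UDP) port: (?P<port>\d+)$")

# Only the two DHCP ports, enough to label the traffic seen in this thread.
WELL_KNOWN = {("UDP", 67): "bootps (DHCP server)",
              ("UDP", 68): "bootpc (DHCP client)"}

def parse_scan_alerts(text):
    """Return one dict per portsentry alert that carries a destination port."""
    alerts = []
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m or m["prog"] != "portsentry":
            continue                      # other daemons, e.g. named
        s = SCAN.search(m["msg"])
        if s is None:
            continue                      # "is already blocked" follow-up lines
        alerts.append({"ts": m["ts"], "pid": int(m["pid"]), "src": s["ip"],
                       "proto": s["proto"], "port": int(s["port"])})
    return alerts

def summarize(alerts):
    """Count alerts per (source, protocol, port) and label known services."""
    counts = Counter((a["src"], a["proto"], a["port"]) for a in alerts)
    return [(src, proto, port, n, WELL_KNOWN.get((proto, port), "not in table"))
            for (src, proto, port), n in counts.most_common()]

if __name__ == "__main__":
    for row in summarize(parse_scan_alerts(SAMPLE_LOG)):
        print(row)
```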