Login Register






SMTPMart - Buy Inbox SMTP | Leads | Shell | cPanel 100% Bonus on 1st deposit | Instant Refunds
ProxyByte $2/GB | Residential IPv4 - No Logs - 26M+ IPs - All unblocked
REFUNDING.GG | #1 REFUND SERVICE | SAME DAY REFUNDS | WORLDWIDE ORDERS | GET ITEMS 85% OFF
New Ownership - Policies and Changes Going Forward
The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
Thread Rating:
  • 0 Vote(s) - 0 Average


Please confirm this is a ddos attack [Logs] filter_list
Author
Message
The Real Slim Shady Away
Banned
Twelve Years of Service
Posts: 3,165
Threads: 99
Currency: 101 NSP
RE: Please confirm this is a ddos attack [Logs] 02-10-2014, 02:53 AM #4
(02-10-2014, 01:00 AM)Ligeti Wrote: In wireshark:
src ip target ip protocol src port>target port

So ... something on 192.168.2.104 is sending all that trafic randomly, this looks similar to
nmap -sS 192.168.1.x but random targets...

So is it DDoS? I don't think so...

[edit] But I am still not sure, could you please share the cap file with us? (in case you still have it)...

Thanks

You're right... I dont think he's being ddos'd directly. The source ip and source port of the transmissions are of his server... the destination are all external. they're also all different. its not a targetted attack on someone so i would rule out being used as slave to DDoS.

There is definitely something suspicious. I dont know anything about a CSS server though so I cant say much about it, but perhaps someone has compromised it? or its misconfigured in some way? that many consecutive rst packets seems to be odd though. something is clearly not right

Reply





Messages In This Thread



Users browsing this thread: 1 Guest(s)