Sinisterly
Please confirm this is a ddos attack [Logs] - Printable Version




Please confirm this is a ddos attack [Logs] - Nille - 02-09-2014

Someone has attacked my CSS server, which is running on my dedicated server at home.

I got a picture of the logs, and in my eyes it looks like a ddos.

[Image: pwOW0V1.png]

[Image: 7MFLH30.png]

The port I use for the server is 27015.


RE: Please confirm this is a ddos attack [Logs] - SyntaX - 02-09-2014

Confirmed from here sir.


RE: Please confirm this is a ddos attack [Logs] - Ligeti - 02-10-2014

In Wireshark:
src ip target ip protocol src port>target port

So ... something on 192.168.2.104 is sending all that traffic randomly, this looks similar to
nmap -sS 192.168.1.x but random targets...

So is it DDoS? I don't think so...

[edit] But I am still not sure, could you please share the cap file with us? (in case you still have it)...

Thanks


RE: Please confirm this is a ddos attack [Logs] - The Real Slim Shady - 02-10-2014

(02-10-2014, 01:00 AM)Ligeti Wrote: In Wireshark:
src ip target ip protocol src port>target port

So ... something on 192.168.2.104 is sending all that traffic randomly, this looks similar to
nmap -sS 192.168.1.x but random targets...

So is it DDoS? I don't think so...

[edit] But I am still not sure, could you please share the cap file with us? (in case you still have it)...

Thanks

You're right... I don't think he's being DDoS'd directly. The source IP and source port of the transmissions are of his server... the destinations are all external. They're also all different. It's not a targeted attack on someone, so I would rule out being used as a slave to DDoS.

There is definitely something suspicious. I don't know anything about a CSS server though, so I can't say much about it, but perhaps someone has compromised it? Or it's misconfigured in some way? That many consecutive RST packets seems to be odd though. Something is clearly not right.
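
Added example, not part of the thread: a small Python triage of the direction question the posts above discuss (is the host receiving a flood, or is it the source of packets to many different external addresses?), run on constructed packet records. Only 192.168.2.104 and port 27015 come from the thread; the other addresses, the `triage` function and its thresholds are assumptions.

```python
from collections import Counter

LOCAL = "192.168.2.104"  # host named in the thread

# Constructed records (src, sport, dst, dport, tcp_flags); NOT taken from the
# thread's capture. Documentation address ranges are used for external hosts.
SAMPLE = [(LOCAL, 27015, f"203.0.113.{i}", 40000 + i, "R") for i in range(1, 41)]
SAMPLE += [("198.51.100.7", 51000, LOCAL, 27015, "S")] * 3

def triage(records, local, min_packets=20, ratio=4):
    """Classify traffic direction for `local`; thresholds are arbitrary assumptions."""
    out = [r for r in records if r[0] == local]
    inc = [r for r in records if r[2] == local]
    out_dsts = {r[2] for r in out}
    sports = Counter(r[1] for r in out)
    metrics = {
        "out_packets": len(out),
        "in_packets": len(inc),
        "distinct_out_dsts": len(out_dsts),
        "distinct_in_srcs": len({r[0] for r in inc}),
        # Share of outbound packets carrying the RST flag.
        "rst_out_fraction": sum("R" in r[4] for r in out) / len(out) if out else 0.0,
        # Most common local source port on outbound packets.
        "top_out_sport": sports.most_common(1)[0][0] if sports else None,
    }
    if len(inc) >= min_packets and len(inc) > ratio * len(out):
        verdict = "inbound-flood"      # host is mostly on the receiving end
    elif (len(out) >= min_packets and len(out) > ratio * len(inc)
          and len(out_dsts) > len(out) // 2):
        verdict = "outbound-fanout"    # host sends to many different destinations
    else:
        verdict = "inconclusive"
    return verdict, metrics

if __name__ == "__main__":
    verdict, metrics = triage(SAMPLE, LOCAL)
    print(verdict)
    for key, value in metrics.items():
        print(f"  {key}: {value}")
```

The verdict only describes direction and spread; it does not say why the host is sending the packets, which still needs the capture itself.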


RE: Please confirm this is a ddos attack [Logs] - Ligeti - 02-10-2014

Thank you Geoff... I would really love to know more about this case, but it seems that Nille is too busy now to answer our questions.

I can create the same scenario using only hping by the way! But I don't see the point... Did it affect the network's performance significantly? (did I spell that right) lol


RE: Please confirm this is a ddos attack [Logs] - The Real Slim Shady - 02-10-2014

(02-10-2014, 03:21 AM)Ligeti Wrote: Thank you Geoff... I would really love to know more about this case, but it seems that Nille is too busy now to answer our questions.

I can create the same scenario using only hping by the way! But I don't see the point... Did it affect the network's performance significantly? (did I spell that right) lol

LOL I'm slightly impressed. I don't think I've ever heard anyone else reference hping before. It's a useful little tool I rank up there with netcat and nmap, but that type of hacking is generally out of the scope of the "hacker" communities like this lol.


RE: Please confirm this is a ddos attack [Logs] - Nille - 02-10-2014

Sure, I can share the file with you guys..

But it's 1GB :/

https://dl.dropboxusercontent.com/u/26401686/ddos.pcapng


RE: Please confirm this is a ddos attack [Logs] - Ligeti - 02-10-2014

@Geoff thanks for the "slight" compliment Smile

@Nille it's OK :Not-Amused: *joking*

Thanks for sharing anyway Smile