[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [FW1] Urgent. I'm under attack

To: boenning@capcom.de, fw-1-mailinglist@lists.us.checkpoint.com
Subject: AW: [FW1] Urgent. I'm under attack
From: Carsten.Truckenbrodt@Bertelsmann.de
Date: Wed, 2 Aug 2000 10:25:15 +0200

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Hi,

looks like someone from you internal network attacks an outside
irc server and not the other way round like the others say.
I would try to find the evil creature inside and kill him.

ct

> -----Ursprüngliche Nachricht-----
> Von: Dirk Boenning [mailto:boenning@capcom.de]
> Gesendet: Dienstag, 1. August 2000 18:20
> An: 'Firewall-1 Mailing list'
> Betreff: [FW1] Urgent. I'm under attack
> 
> 
> 
> Hello,
> 
> till a couple of minutes I'm under an attack. I never have seen this
> behaviour.
> I have round 'bout 50000 active connections. The Destination for all
> of these connections is irc.arnes.si (193.2.1.34). The Source is an 
> internal IP. The internal IP is not one specific IP it's changing all
> over
> the whole subnet, even if no machine is assigned to this IP. But not
> even the
> IP's cycle through all values the ports do also.
> 
> I'm sure that IP spoofing is correct configured. The all over system
> works
> since 2 years.
> 
> Any idea how to stop, what to change ??
> 
> Tia, Dirk.
> 
> BTW. It's Firewall 4.0 under Solaris 2.6
> 
> 
> 
> -- 
>  ______________________________________________________________
> |      _|_|_|   _|_|   _|_|_|   _|_|_|  _|_|_|  _|      _|     |
> |     _|       _|  _|  _|   _| _|      _|    _| _|_|  _|_|     |
> |     _|      _|_|_|_| _|_|_|  _|      _|    _| _|  _|  _|     |
> |     _|      _|    _| _|      _|      _|    _| _|      _|     |
> |      _|_|_| _|    _| _|       _|_|_|  _|_|_|  _|      _|     |
> |______________________________________________________________|
> |  CAPCom Technologie Beratung   |  Dirk Boenning              |
> |  Entwicklung und Vertrieb GmbH |  Tel.: +49 (0)6151/155-900  |
> |  Rundeturmstrasse 6            |  Fax.: +49 (0)6151/155-909  |
> |  64283 Darmstadt / Germany     |  E-Mail: boenning@capcom.de |
> |______________________________________________________________|
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] SMTP - Mail size filter
Next by Date: Re [FW1] Trust me, I'm a Proxy....
Prev by thread: Re: [FW1] FW: What attck type is this?
Next by thread: Re [FW1] Trust me, I'm a Proxy....
Index(es):
- Date
- Thread