[prev in list] [next in list] [prev in thread] [next in thread]
List: dshield
Subject: RE: [Dshield] Spoofed attack from IP 127.0.0.1
From: "Keith Bergen" <keith () keithbergen ! com>
Date: 2003-10-28 17:26:36
[Download RAW message or body]
Deb,
I don't know if this relates or not, but I posted last week that I saw a
number of IP ranges that resolved to "localhost" rather than an actual
domain name. See thread "Class C resolves to localhost".
Perhaps that has something to do with what you are seeing?
Keith.
-----Original Message-----
From: list-bounces@dshield.org [mailto:list-bounces@dshield.org] On Behalf
Of Deb Hale
Sent: Tuesday, October 28, 2003 10:32 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Spoofed attack from IP 127.0.0.1
I am seeing the same thing on one of my Internet connections. I am trying
to figure out what is going on. If anyone has any ideas, I would appreciate
input. Deb
Hi,
We are under spoofed attack from IP 127.0.0.1 almost every minute. Is there
anything I can do?
Thanks,
Dusanka
PS: Here are few log records:
2003-10-28 13:51:45 127.0.0.1 66.28.8.96 Tcp 80
1310 RST ACK Spoof 66.28.20.42 45 00 00 28 1e 57 00 00 77
06 5b fc 7f 00 00 01 42 1c 08 60 00 50 05 1e 00 00 00 00 09 fd 00 01
50 14 00 00 d6 e7 00 00
2003-10-28 13:54:19 127.0.0.1 66.28.8.108 Tcp 80
1131 RST ACK Spoof 66.28.20.42 45 00 00 28 47 e0 00 00 77
06 32 67 7f 00 00 01 42 1c 08 6c 00 50 04 6b 00 00 00 00 10 e3 00 01
50 14 00 00 d0 a8 00 00
2003-10-28 13:54:27 127.0.0.1 66.28.8.126 Tcp 80
1346 RST ACK Spoof 66.28.20.42 45 00 00 28 4a 90 00 00 77
06 2f a5 7f 00 00 01 42 1c 08 7e 00 50 05 42 00 00 00 00 31 9d 00 01
50 14 00 00 af 05 00 00
2003-10-28 13:54:27 127.0.0.1 66.28.8.126 Tcp 80
1346 RST ACK Spoof 66.28.20.42 45 00 00 28 4a 90 00 00 77
06 2f a5 7f 00 00 01 42 1c 08 7e 00 50 05 42 00 00 00 00 31 9d 00 01
50 14 00 00 af 05 00 00
2003-10-28 13:57:15 127.0.0.1 66.28.8.101 Tcp 80
1400 RST ACK Spoof 66.28.20.42 45 00 00 28 77 ec 00 00 77
06 02 62 7f 00 00 01 42 1c 08 65 00 50 05 78 00 00 00 00 13 6e 00 01
50 14 00 00 cd 17 00 00
2003-10-28 13:58:21 127.0.0.1 66.28.8.101 Tcp 80
1547 RST ACK Spoof 66.28.20.42 45 00 00 28 89 d3 00 00 77
06 f0 7a 7f 00 00 01 42 1c 08 65 00 50 06 0b 00 00 00 00 09 21 00 01
50 14 00 00 d6 d1 00 00
2003-10-28 13:58:45 127.0.0.1 66.28.8.15 Tcp 80
1938 RST ACK BLOCKED 66.28.20.42 45 00 00 28 90 4e 00 00 77
06 ea 55 7f 00 00 01 42 1c 08 0f 00 50 07 92 00 00 00 00 3d 67 00 01
50 14 00 00 a1 5a 00 00
2003-10-28 13:59:09 127.0.0.1 66.28.8.113 Tcp 80
1154 RST ACK Spoof 66.28.20.42 45 00 00 28 96 8c 00 00 77
06 e3 b5 7f 00 00 01 42 1c 08 71 00 50 04 82 00 00 00 00 29 87 00 01
50 14 00 00 b7 e8 00 00
2003-10-28 13:59:28 127.0.0.1 66.28.8.112 Tcp 80
1023 RST ACK Spoof 66.28.20.42 45 00 00 28 9b 83 00 00 77
06 de bf 7f 00 00 01 42 1c 08 70 00 50 03 ff 00 00 00 00 70 bc 00 01
50 14 00 00 71 37 00 00
2003-10-28 14:01:24 127.0.0.1 66.28.8.97 Tcp 80
1681 RST ACK Spoof 66.28.20.42 45 00 00 28 b9 c4 00 00 77
06 c0 8d 7f 00 00 01 42 1c 08 61 00 50 06 91 00 00 00 00 1c 1a 00 01
50 14 00 00 c3 56 00 00
2003-10-28 14:01:43 127.0.0.1 66.28.8.96 Tcp 80
1782 RST ACK Spoof 66.28.20.42 45 00 00 28 be a2 00 00 77
06 bb b0 7f 00 00 01 42 1c 08 60 00 50 06 f6 00 00 00 00 63 4f 00 01
50 14 00 00 7b bd 00 00
2003-10-28 14:02:14 127.0.0.1 66.28.8.14 Tcp 80
1037 RST ACK BLOCKED 66.28.20.42 45 00 00 28 c6 bd 00 00 77
06 b3 e7 7f 00 00 01 42 1c 08 0e 00 50 04 0d 00 00 00 00 28 03 00 01
50 14 00 00 ba 44 00 00
2003-10-28 14:03:12 127.0.0.1 66.28.8.106 Tcp 80
1338 RST ACK Spoof 66.28.20.42 45 00 00 28 d6 6e 00 00 77
06 a3 da 7f 00 00 01 42 1c 08 6a 00 50 05 3a 00 00 00 00 21 c5 00 01
50 14 00 00 be f9 00 00
2003-10-28 14:03:30 127.0.0.1 66.28.8.105 Tcp 80
1439 RST ACK Spoof 66.28.20.42 45 00 00 28 db 3b 00 00 77
06 9f 0e 7f 00 00 01 42 1c 08 69 00 50 05 9f 00 00 00 00 68 fa 00 01
50 14 00 00 77 60 00 00
2003-10-28 14:03:42 127.0.0.1 66.28.8.118 Tcp 80
1075 RST ACK Spoof 66.28.20.42 45 00 00 28 de 63 00 00 77
06 9b d9 7f 00 00 01 42 1c 08 76 00 50 04 33 00 00 00 00 7a f7 00 01
50 14 00 00 66 c2 00 00
2003-10-28 14:04:54 127.0.0.1 66.28.8.12 Tcp 80
1091 RST ACK BLOCKED 66.28.20.42 45 00 00 28 f4 5f 00 00 77
06 86 47 7f 00 00 01 42 1c 08 0c 00 50 04 43 00 00 00 00 64 21 00 01
50 14 00 00 7d f2 00 00
2003-10-28 14:06:33 127.0.0.1 66.28.8.101 Tcp 80
1573 RST ACK Spoof 66.28.20.42 45 00 00 28 0e 03 00 00 77
06 6c 4b 7f 00 00 01 42 1c 08 65 00 50 06 25 00 00 00 00 7b f3 00 01
50 14 00 00 63 e5 00 00
2003-10-28 14:06:44 127.0.0.1 66.28.8.114 Tcp 80
1209 RST ACK Spoof 66.28.20.42 45 00 00 28 11 25 00 00 77
06 69 1c 7f 00 00 01 42 1c 08 72 00 50 04 b9 00 00 00 00 0d f0 00 01
50 14 00 00 d3 47 00 00
2003-10-28 14:07:03 127.0.0.1 66.28.8.113 Tcp 80
1310 RST ACK Spoof 66.28.20.42 45 00 00 28 15 e8 00 00 77
06 64 5a 7f 00 00 01 42 1c 08 71 00 50 05 1e 00 00 00 00 55 25 00 01
50 14 00 00 8b ae 00 00
2003-10-28 14:07:51 127.0.0.1 66.28.8.126 Tcp 80
1685 RST ACK Spoof 66.28.20.42 45 00 00 28 22 de 00 00 77
06 57 57 7f 00 00 01 42 1c 08 7e 00 50 06 95 00 00 00 00 75 8b 00 01
50 14 00 00 69 c4 00 00
_______________________________________________
list mailing list
list@dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
_______________________________________________
list mailing list
list@dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
_______________________________________________
list mailing list
list@dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic