[prev in list] [next in list] [prev in thread] [next in thread]
List: timekeepers
Subject: Re: [time] Need help limiting server
From: Martin_Schröder <martin () oneiros ! de>
Date: 2009-04-05 0:53:37
Message-ID: 68c491a60904041753x6c99b1ebr7d84c2e7cbf506ae () mail ! gmail ! com
[Download RAW message or body]
2009/4/4, Martin Schröder <martin@oneiros.de>:
> <quote>
> time src_ip dest_ip:dest_port
> -------------------------------------------------------------------
> Fri Apr 3 16:09:51 2009: 78.46.108.116 => 95.65.129.154: 2054
> Fri Apr 3 16:10:55 2009: 78.46.108.116 => 95.65.129.251: 2054
> Fri Apr 3 16:10:14 2009: 78.46.108.116 => 95.65.131.121: 2054
> Fri Apr 3 16:10:36 2009: 78.46.108.116 => 95.65.131.168: 2054
> Fri Apr 3 16:10:04 2009: 78.46.108.116 => 95.65.132.225: 2054
> </quote>
Sorry, that was the unsorted log as delivered by them. I now have
analyzed it further:
- there are 868 requests to 775 targets in 105 seconds
- notable are those who appear twice:
Fri Apr 3 16:09:57 2009: 78.46.108.116 => 95.65.184.205:32771
Fri Apr 3 16:10:27 2009: 78.46.108.116 => 95.65.184.205:32771
Fri Apr 3 16:10:53 2009: 78.46.108.116 => 95.65.185.241: 2059
Fri Apr 3 16:11:23 2009: 78.46.108.116 => 95.65.185.241: 2059
Fri Apr 3 16:10:53 2009: 78.46.108.116 => 95.65.187.239:32771
Fri Apr 3 16:11:23 2009: 78.46.108.116 => 95.65.187.239:32771
Same port, 30 seconds apart. Clearly not a port scan.
Best
Martin
_______________________________________________
timekeepers mailing list
timekeepers@fortytwo.ch
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic