EvolutionCrazy
24.04.2013, 18.45
Looking at the graph, I'd say that to avoid having the dedicated server suspended, if I were you I'd also pay attention to the replies... watch out for SYN cookies...
The attackers send a flood of requests to innocent servers. These requests have a single forged source IP. The target victim is at the forged source IP. This kind of indirect or ‘echo’ attack works with both TCP and UDP services.
The victim server will attempt to reply to each of these requests. These replies go to the random IP addresses. These replies are called Backscatter. The attacker doesn’t see or care about the replies. The attacker is just trying to drown the victim in a sea of bogus traffic.
Every IP address in the world sometimes receives backscatter packets. DoS attacks are so pervasive that every usable IP address is usually spoofed, sometimes multiple times a day. Since backscatter is a network anomaly, most good firewalls discard it without comment.
17:15:19.267464 IP XXX.XXX.XXX.XXX > my_ip: ICMP time exceeded in-transit, length 36
17:15:19.325217 IP XXX.XXX.XXX.XXX > my_ip: ICMP time exceeded in-transit, length 36
17:15:19.345561 IP XXX.XXX.XXX.XXX > my_ip: ICMP time exceeded in-transit, length 56
17:15:19.484865 IP XXX.XXX.XXX.XXX > my_ip: ICMP time exceeded in-transit, length 36
17:15:19.529616 IP XXX.XXX.XXX.XXX > my_ip: ICMP time exceeded in-transit, length 36
17:15:19.957058 IP XXX.XXX.XXX.XXX > my_ip: ICMP YYY.YYY.YYY.YYY tcp port 39692 unreachable, length 36
17:15:19.968957 IP XXX.XXX.XXX.XXX > my_ip: ICMP host YYY.YYY.YYY.YYY unreachable, length 56
17:15:20.112520 IP XXX.XXX.XXX.XXX > my_ip: ICMP host YYY.YYY.YYY.YYY unreachable, length 56
17:15:20.203199 IP XXX.XXX.XXX.XXX > my_ip: ICMP host YYY.YYY.YYY.YYY unreachable, length 36
17:15:20.204803 IP XXX.XXX.XXX.XXX > my_ip: ICMP host YYY.YYY.YYY.YYY unreachable, length 36
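
An added example, not part of the original post: a small Python summarizer for tcpdump lines of the shape shown above, counting the ICMP error types that arrive as backscatter and listing the original destinations they refer to. The sample addresses are constructed (documentation ranges), and the function name summarize is hypothetical; it assumes the host did not itself send the packets these errors answer.

```python
import re
from collections import Counter

# Constructed sample in the shape of the tcpdump lines in the post
# (documentation-range addresses; not real capture data).
SAMPLE = """\
17:15:19.267464 IP 192.0.2.10 > 198.51.100.5: ICMP time exceeded in-transit, length 36
17:15:19.957058 IP 192.0.2.11 > 198.51.100.5: ICMP 203.0.113.7 tcp port 39692 unreachable, length 36
17:15:19.968957 IP 192.0.2.12 > 198.51.100.5: ICMP host 203.0.113.7 unreachable, length 56
17:15:20.112520 IP 192.0.2.12 > 198.51.100.5: ICMP host 203.0.113.8 unreachable, length 56
17:15:20.300000 IP 192.0.2.13 > 198.51.100.5: ICMP echo request, id 1, seq 1, length 64
"""

LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>[^:]+): ICMP (?P<body>.*), length (?P<len>\d+)$"
)
# ICMP error messages that are backscatter candidates when our address is spoofed.
KINDS = [
    ("time_exceeded", re.compile(r"^time exceeded in-transit$")),
    ("port_unreachable", re.compile(r"^(?P<orig>\S+) (?:tcp|udp) port \d+ unreachable$")),
    ("host_unreachable", re.compile(r"^host (?P<orig>\S+) unreachable$")),
]

def summarize(text, my_ip):
    """Count ICMP errors addressed to my_ip, by type, reporter and original destination."""
    kinds, reporters, orig_dsts = Counter(), set(), set()
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["dst"] != my_ip:
            continue  # not an ICMP line for this host
        for name, pat in KINDS:
            k = pat.match(m["body"])
            if k:
                kinds[name] += 1
                reporters.add(m["src"])          # router/host that sent the error
                if "orig" in k.groupdict():
                    orig_dsts.add(k["orig"])     # where the spoofed packet was headed
                break
        else:
            kinds["other"] += 1                  # e.g. echo request: not an error reply
    return {"kinds": dict(kinds), "reporters": len(reporters),
            "orig_dsts": sorted(orig_dsts)}

if __name__ == "__main__":
    print(summarize(SAMPLE, "198.51.100.5"))
```

Many distinct reporters and original destinations that the host never contacted point to spoofed traffic carrying its address rather than to a local fault.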