blocking all countries except 4 at vlan level, will cisco asa 5505 hold?

First, our server holds an application that only serves 4 countries. We had a repeated DDoS from a botnet, so we would like to block all traffic except for the 4 countries that the application serves. The idea is to block them at the VLAN level. So will a Cisco ASA 5505 or even 5520 hold in …

Is this a botnet? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers. Closed 7 years ago. I manage networking equipment at a small ISP for 60 highrise buildings. Each building has …

How to defend against botnet attack which tries to send a lot of mail to my server?

A few days ago some kind of botnet attack started on my mail server, which tries to send a lot of spam emails to certain domains on my mail server. The biggest issue here is that almost every attacker IP address is different. I've checked the log from one day and it contains about 73000 different IP addresses. …

how to detect botnet controller on the server [duplicate]

This question already has answers here: Closed 10 years ago. Possible Duplicate: My server's been hacked EMERGENCY ZeuS backend controller abusive usage We have been warned by our hosting company that there is a botnet controller (ZeuS) on our server. But we don't know how it was installed and how to detect and remove it. We …

Defending against botnet – how to analyze apache logs?

About 24 hours ago a DDoS attack started against my site. The Apache logs look like this:
190.56.92.50 - - [10/Nov/2011:19:09:16 +0200] "GET /browse.php HTTP/1.0" 403 1207 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20030105 Phoenix/0.5"
79.162.132.75 - - [10/Nov/2011:19:09:16 +0200] "GET /browse.php HTTP/1.0" 403 1207 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; …

How to view traffic operating on a specific port without plugging into egress interface? (Cisco IOS)

I’m trying to track down what host is infected with ZeroAccess on my network. It runs on ports 16464-16471. I would like to find this host without having to connect my laptop to the egress (WAN) interface. (Because it would take down the internet obviously). I’m thinking I can create an ACL and then log …

Apache2 Mod_spamhaus Whitelist

We are using Apache2 mod_spamhaus and many customers were banned using the “Post” method. Is there no way to stop mod_spamhaus from continuously banning our customers as false positives, or banning customers only because their IP is in a range of banned IPs? What is the syntax of the spamhaus.wl file? Is it correct to write the IPs …