Alexandre Duran

Hi Gurus,

A user on one of my servers is using a script to attack other servers.

This configuration in APF:

# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS=" 21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"

# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,123,465,873"


Does this configuration work to block this attack type below? (XX.XX.XX.XX is the main IP of my server)

NOC
XX.XX.XX.XX
201.14.100.20

0.0107 seconds ellapsed in capture
4673 inbound PPS to 201.14.100.20
0 outbound PPS from 201.14.100.20
36.15 inbound Mbps to 201.14.100.20
0.00 outbound Mbps from 201.14.100.20


Re-crunch on keyword: Exclude sources with:

1 2005-04-24 19:58:19.903104 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 16293
3 2005-04-24 19:58:19.903194 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 31844
5 2005-04-24 19:58:19.903284 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 54104
7 2005-04-24 19:58:19.903375 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 9131
13 2005-04-24 19:58:19.903601 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 56337
24 2005-04-24 19:58:19.904451 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 10853
27 2005-04-24 19:58:19.904773 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 37407
33 2005-04-24 19:58:19.905017 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 17334
34 2005-04-24 19:58:19.905100 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 29842
36 2005-04-24 19:58:19.905196 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 40211
37 2005-04-24 19:58:19.905276 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 35243
39 2005-04-24 19:58:19.905373 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 15018
40 2005-04-24 19:58:19.905456 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 11644
41 2005-04-24 19:58:19.905539 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 3032
44 2005-04-24 19:58:19.905639 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 18521
48 2005-04-24 19:58:19.905863 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 14121
51 2005-04-24 19:58:19.905957 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 34814
52 2005-04-24 19:58:19.906042 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 36752
54 2005-04-24 19:58:19.906132 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 33890
55 2005-04-24 19:58:19.906213 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 11611
59 2005-04-24 19:58:19.906318 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 29708
61 2005-04-24 19:58:19.906408 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 399
66 2005-04-24 19:58:19.906610 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 25381
69 2005-04-24 19:58:19.906823 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 11189
75 2005-04-24 19:58:19.906981 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 50340
77 2005-04-24 19:58:19.907101 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 61493
87 2005-04-24 19:58:19.907484 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 54979
88 2005-04-24 19:58:19.907567 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 55977
97 2005-04-24 19:58:19.908051 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 53051
99 2005-04-24 19:58:19.908138 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 49037
120 2005-04-24 19:58:19.909333 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 27913
133 2005-04-24 19:58:19.910136 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 53823
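
One way to check the question against the capture, as an added example that is not part of the original post: the script below compares each packet's destination port with the EG_UDP_CPORTS list. It assumes that with EGF="1" APF drops outbound packets whose destination port is not listed and that ranges are written `lo_hi`; the sample capture is constructed (three lines in the post's format plus one DNS packet for contrast), and `parse_ports` and `classify` are hypothetical helper names.

```python
import re

# Values copied from the APF settings in the post above.
EGF = "1"
EG_UDP_CPORTS = "20,21,53,123,465,873"

# Constructed sample: three lines in the capture's format from the post,
# plus one DNS packet (port 53) added for contrast. Addresses are placeholders.
SAMPLE_CAPTURE = """\
1 2005-04-24 19:58:19.903104 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 16293
3 2005-04-24 19:58:19.903194 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 31844
61 2005-04-24 19:58:19.906408 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 399
900 2005-04-24 19:58:20.000000 XX.XX.XX.XX -> 192.0.2.53 UDP Source port: 40000 Destination port: 53
"""

LINE_RE = re.compile(r"\bUDP Source port: (\d+)\s+Destination port: (\d+)")

def parse_ports(spec):
    """Expand a comma-separated port list into a set of ints."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo, _, hi = item.partition("_")  # "lo_hi" range form is an assumption
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def classify(capture, egf=EGF, udp_spec=EG_UDP_CPORTS):
    """Return (allowed, dropped) destination ports under the assumed policy."""
    permitted = parse_ports(udp_spec)
    allowed, dropped = [], []
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip header and summary lines of the report
        dport = int(m.group(2))
        # With EGF off nothing is filtered; with it on, only listed ports pass.
        (allowed if egf != "1" or dport in permitted else dropped).append(dport)
    return allowed, dropped

if __name__ == "__main__":
    ok, blocked = classify(SAMPLE_CAPTURE)
    print(f"allowed by egress list: {ok}")
    print(f"dropped by egress list: {blocked}")
```

Under those assumptions, none of the random destination ports in the sample is on the UDP list, so those packets would be dropped at the server. Outbound traffic to ports that are on the list still passes, so the list by itself does not limit the volume sent to them.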