The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server used by atack

Discussion in 'General Discussion' started by Alexandre Duran, Apr 25, 2005.

  1. Alexandre Duran

    Alexandre Duran Well-Known Member

    Joined:
    May 6, 2003
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Rio de Janeiro - BRAZIL
    Hi Gurus,

    An user in one of my servers is using a script to attack other servers.

    This configuration in APF:

    # Egress filtering [0 = Disabled / 1 = Enabled]
    EGF="1"

    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS=" 21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"

    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,53,123,465,873"


    Does this configuration work to block this attack type below ? (XX.XX.XX.XX is the main IP of my server)

    NOC
    XX.XX.XX.XX
    201.14.100.20

    0.0107 seconds ellapsed in capture
    4673 inbound PPS to 201.14.100.20
    0 outbound PPS from 201.14.100.20
    36.15 inbound Mbps to 201.14.100.20
    0.00 outbound Mbps from 201.14.100.20


    Re-crunch on keyword: Exclude sources with:

    1 2005-04-24 19:58:19.903104 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 16293
    3 2005-04-24 19:58:19.903194 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 31844
    5 2005-04-24 19:58:19.903284 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 54104
    7 2005-04-24 19:58:19.903375 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 9131
    13 2005-04-24 19:58:19.903601 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 56337
    24 2005-04-24 19:58:19.904451 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 10853
    27 2005-04-24 19:58:19.904773 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 37407
    33 2005-04-24 19:58:19.905017 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 17334
    34 2005-04-24 19:58:19.905100 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 29842
    36 2005-04-24 19:58:19.905196 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 40211
    37 2005-04-24 19:58:19.905276 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 35243
    39 2005-04-24 19:58:19.905373 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 15018
    40 2005-04-24 19:58:19.905456 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 11644
    41 2005-04-24 19:58:19.905539 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 3032
    44 2005-04-24 19:58:19.905639 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 18521
    48 2005-04-24 19:58:19.905863 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 14121
    51 2005-04-24 19:58:19.905957 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 34814
    52 2005-04-24 19:58:19.906042 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 36752
    54 2005-04-24 19:58:19.906132 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 33890
    55 2005-04-24 19:58:19.906213 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 11611
    59 2005-04-24 19:58:19.906318 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 29708
    61 2005-04-24 19:58:19.906408 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 399
    66 2005-04-24 19:58:19.906610 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 25381
    69 2005-04-24 19:58:19.906823 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 11189
    75 2005-04-24 19:58:19.906981 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 50340
    77 2005-04-24 19:58:19.907101 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 61493
    87 2005-04-24 19:58:19.907484 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 54979
    88 2005-04-24 19:58:19.907567 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 55977
    97 2005-04-24 19:58:19.908051 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 53051
    99 2005-04-24 19:58:19.908138 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 49037
    120 2005-04-24 19:58:19.909333 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 27913
    133 2005-04-24 19:58:19.910136 XX.XX.XX.XX -> 201.14.100.20 UDP Source port: 58601 Destination port: 53823
     
Loading...

Share This Page