I0OJJ  > PACKET   27.07.13 00:51l 192 Lines 7054 Bytes #999 (0) @ WW
BID : Q7NI0OJJ_01H
Read: GUEST
Subj: Re^2: HTTP attach against I0OJJ site
Path: IZ3LSV<I0OJJ
Sent: 130726/2248z @:I0OJJ.ILAZ.ITA.EU [Colleferro] obcm1.07b12
From: I0OJJ @ I0OJJ.ILAZ.ITA.EU (Gus)
To:   PACKET @ WW
X-Info: Sent with login password


Hi Paula,

since those continued and diverse kinds of attacks,
from about 2010/2011, I stopped the Linux and
other servers' 'logging' activities to prevent
a possible saturation.

I confirm that Asia is mainly responsible,
and as further information, since I'm running
several servers, and one of the most sensitive/exposed
is my DNS server, which is also a target for their
main attacks, I have just extracted, as per your request,
something to show on-the-fly (see the log list
attached below).
[ref. also for N1URO 'sp msg' as further info].

This also means that the 'Second Generation ...'
(ref. to other bulletins concerned) is *already*
here, among us :)

73, gus i0ojj

---------
G8PZT  > PACKET   26.07.13 22:34l 34 Lines 853 Bytes #999 (0) @ WW
BID : 000144206PZT
X-Flags: Type B Hold ! Prop ! Rep ! Cont ! Erase !
Read: I0OJJ
Subj: Re: HTTP attach against I0OJJ site
R:130726/2034z @:I0OJJ.ILAZ.ITA.EU $:000144206PZT
R:130726/2033z @:IZ3LSV.IVEN.ITA.EU $:000144206PZT
R:130726/2034z @:IW8PGT.ICAL.ITA.EU $:000144206PZT
R:130726/2034Z @:CX2SA.SAL.URY.SA #:8970 [Salto] FBB7.00e $:000144206PZT
R:130727/1034Z @:VK2DOT.CC.NSW.AUS.OC [Niagara] #:65900 XSERV500
R:130726/2034Z @:GB7PZT.#24.GBR.EU [Kidderminster] #:14400 XSERV500
From: G8PZT@GB7PZT.#24.GBR.EU (Paula)
To: PACKET@WW

Subject: Re: HTTP attach against I0OJJ site
X-Mailer: XServ v500 HTTPmail

Hi Gus,

Did your system log the exact details of the "strange" requests?

I usually find these attacks originate in China...

73, Paula



------- Original Message -------
>From: I0OJJ
>To: PACKET@WW
>Sent: 
>Subject: HTTP attach against I0OJJ site

>Hi all,
>
>just to let you know about one type of cybernetic attack against
>my servers... however for about two years there has been every
>possible kind of *deceptive* live attack here... but my
>systems continue to be safe :)
>
>73, gus i0ojj
>
>-----------
>26.07.13 09:04:48l SYSTEM: #L httpd: strange request from [50.98.231.94]
>26.07.13 09:05:17l SYSTEM: #L httpd: strange request from [95.17.211.200]
>26.07.13 09:09:03l SYSTEM: #L httpd: strange request from [50.98.231.94]



