merhaba arkadaşlar, serverime kurulu Antidos(APF) modulunun çalışmasını prensibini kısaca bilmeyenler için anlatıyım.
modul sunucuya ddos yapan ip yi tespit edip, banlayarak, ip ye arin.net den whois çekip ip yönetimindeki abuse emailine yani şikayet emailine bu saldırı emailinin bir kopyasını bildiriyor.
günde onlarca [email protected] ye email atıyor ama hiç bu ne diye email atanda olmadı olacağınıda sanmıyorum
ama bugun bir tanesi cevaplandı Gaziantep üniversitesi tarafından bakmanızı istedim,
---------- gelen email -----------------------------
kimden Andrew.Beddall <[email protected]>
kime root <[email protected]>
tarih 09.Nis.2007 11:13
konu Re: Urgent: Administrative issue enclosed, please read.
gönderen alan gantep.edu.tr
The abuser is a pc in a computer center public lab.
The attack is not active now and any new programs are removed after reboot.
Dr Andrew Beddall
system admin
University of Gaziantep
---------- Original Message -----------
From: root <[email protected]>
To: [email protected]
Sent: Mon, 09 Apr 2007 11:08:04 +0300
Subject: Urgent: Administrative issue enclosed, please read.
> To whom it may concern;
>
> The remote system 193.140.xxx.xx was logged attacking our host 72.232.xxx.xx,
> this is an automated warning based on admin contacts from the arin.net whois
> database. Please do not ignore this message!
>
> 193.140.xxx.xx was found to have exceeded acceptable inbound packet flow,
> we have as such banned the remote host from our network. However to remove the
> stress from our carrier providers network, we require your assistance to
> further investigate this issue and see that it does not occure again.
>
> Enclosed below are log portions detailing the attack on our host, all time
> stamps are GMT +0300.
>
> APF [antidos] log:
> Apr 09 11:08:03 host antidos(29296): 193.140.xxx.xx:1536 -> 72.232.xxx.xx:80
> Apr 09 11:08:03 host antidos(29296): 193.140.xxx.xx-> 72.232.xxx.xx (DROPPED)
>
> - Administrative team
Dr Andrew Beddall amcamız laboratuardaki bir bilgisayardan yapılıyordu dio, tespit ettim ve yeni programları silip, bilgisayarı yeniden başlattım dio
böle biri varmı dersenizde araştırıdm http://www1.gantep.edu.tr/~andrew/hep/hepcont.htm
modul sunucuya ddos yapan ip yi tespit edip, banlayarak, ip ye arin.net den whois çekip ip yönetimindeki abuse emailine yani şikayet emailine bu saldırı emailinin bir kopyasını bildiriyor.
günde onlarca [email protected] ye email atıyor ama hiç bu ne diye email atanda olmadı olacağınıda sanmıyorum
ama bugun bir tanesi cevaplandı Gaziantep üniversitesi tarafından bakmanızı istedim,
---------- gelen email -----------------------------
kimden Andrew.Beddall <[email protected]>
kime root <[email protected]>
tarih 09.Nis.2007 11:13
konu Re: Urgent: Administrative issue enclosed, please read.
gönderen alan gantep.edu.tr
The abuser is a pc in a computer center public lab.
The attack is not active now and any new programs are removed after reboot.
Dr Andrew Beddall
system admin
University of Gaziantep
---------- Original Message -----------
From: root <[email protected]>
To: [email protected]
Sent: Mon, 09 Apr 2007 11:08:04 +0300
Subject: Urgent: Administrative issue enclosed, please read.
> To whom it may concern;
>
> The remote system 193.140.xxx.xx was logged attacking our host 72.232.xxx.xx,
> this is an automated warning based on admin contacts from the arin.net whois
> database. Please do not ignore this message!
>
> 193.140.xxx.xx was found to have exceeded acceptable inbound packet flow,
> we have as such banned the remote host from our network. However to remove the
> stress from our carrier providers network, we require your assistance to
> further investigate this issue and see that it does not occure again.
>
> Enclosed below are log portions detailing the attack on our host, all time
> stamps are GMT +0300.
>
> APF [antidos] log:
> Apr 09 11:08:03 host antidos(29296): 193.140.xxx.xx:1536 -> 72.232.xxx.xx:80
> Apr 09 11:08:03 host antidos(29296): 193.140.xxx.xx-> 72.232.xxx.xx (DROPPED)
>
> - Administrative team
Dr Andrew Beddall amcamız laboratuardaki bir bilgisayardan yapılıyordu dio, tespit ettim ve yeni programları silip, bilgisayarı yeniden başlattım dio
böle biri varmı dersenizde araştırıdm http://www1.gantep.edu.tr/~andrew/hep/hepcont.htm