DoS attacks on RVS4000

kmclaurincisco
Level 1

One of my clients reports very slow internet from time to time. During these times, Wireshark reports fairly light LAN traffic. 6/17 in particular was very slow. Below is my IPS log from that day. The ISP states that we are maxing out our T1 bandwidth. They state that they think the attacks from the logs are 'too far apart' to have any significant impact on our users' internet response. Do you agree?

TIA

41 2010-06-17 23:00:30 Possible DoS HGOD SynKiller Flooding 218.8.245.123
42 2010-06-17 23:00:02 Possible DoS HGOD SynKiller Flooding 58.22.138.12
43 2010-06-17 21:59:36 Possible DoS HGOD SynKiller Flooding 58.53.128.113
44 2010-06-17 21:50:52 DoS MS-SQL Slammer Worm 118.213.78.20
45 2010-06-17 21:40:31 Possible DoS HGOD SynKiller Flooding 61.147.107.56
46 2010-06-17 18:56:12 Possible DoS HGOD SynKiller Flooding 190.241.180.147
47 2010-06-17 18:09:12 Possible DoS HGOD SynKiller Flooding 218.8.245.123
48 2010-06-17 18:03:12 BAD_TCP_FLAG 222.172.83.241
49 2010-06-17 17:51:27 Possible DoS HGOD SynKiller Flooding 61.160.207.192
50 2010-06-17 17:42:24 DDOS_TYPE_ICMP_FLOOD 124.127.106.137
51 2010-06-17 17:20:26 Possible DoS HGOD SynKiller Flooding 61.160.207.192
52 2010-06-17 17:08:02 DDOS_TYPE_ICMP_FLOOD 202.109.121.58
53 2010-06-17 16:53:32 DDOS_TYPE_ICMP_FLOOD 211.142.253.34
54 2010-06-17 16:52:25 Possible DoS HGOD SynKiller Flooding 61.160.207.192
55 2010-06-17 16:40:18 Possible DoS HGOD SynKiller Flooding 60.173.26.131
56 2010-06-17 16:32:51 DoS MS-SQL Slammer Worm 211.143.230.140
57 2010-06-17 16:28:23 DDOS_TYPE_ICMP_FLOOD 211.102.155.146
58 2010-06-17 16:26:33 Possible DoS HGOD SynKiller Flooding 61.160.207.192
59 2010-06-17 15:57:56 Possible DoS HGOD SynKiller Flooding 61.160.207.192
60 2010-06-17 15:53:16 DDOS_TYPE_ICMP_FLOOD 118.132.46.120
61 2010-06-17 15:50:56 DoS MS-SQL Slammer Worm 61.128.110.96
62 2010-06-17 15:29:54 Possible DoS HGOD SynKiller Flooding 222.186.24.38
63 2010-06-17 15:27:54 DDOS_TYPE_ICMP_FLOOD 61.153.216.106
64 2010-06-17 15:26:20 Possible DoS HGOD SynKiller Flooding 122.227.55.126
65 2010-06-17 15:23:53 Possible DoS HGOD SynKiller Flooding 61.160.207.192
66 2010-06-17 14:55:58 Possible DoS HGOD SynKiller Flooding 58.22.138.12
67 2010-06-17 14:55:42 DDOS_TYPE_ICMP_FLOOD 122.137.113.238
68 2010-06-17 14:51:38 DoS MS-SQL Slammer Worm 119.173.187.154
69 2010-06-17 14:47:10 Possible DoS HGOD SynKiller Flooding 61.160.207.192
70 2010-06-17 14:44:35 EXPLOIT Microsoft Color Management Module Buffer Overflow 220.232.214.188
71 2010-06-17 14:36:01 Possible DoS HGOD SynKiller Flooding 122.225.96.42
72 2010-06-17 14:35:26 Possible DoS HGOD SynKiller Flooding 58.53.128.113
73 2010-06-17 14:16:51 Possible DoS HGOD SynKiller Flooding 61.160.207.192
74 2010-06-17 13:56:49 DDOS_TYPE_ICMP_FLOOD 221.1.83.141
75 2010-06-17 13:51:06 Possible DoS HGOD SynKiller Flooding 121.11.86.68
76 2010-06-17 13:45:59 DoS MS-SQL Slammer Worm 211.139.255.29
77 2010-06-17 13:38:56 Possible DoS HGOD SynKiller Flooding 61.160.207.192
78 2010-06-17 13:30:05 Possible DoS HGOD SynKiller Flooding 122.227.164.71
79 2010-06-17 13:30:05 Possible DoS HGOD SynKiller Flooding 122.227.164.71
80 2010-06-17 13:13:31 DDOS_TYPE_ICMP_FLOOD 220.181.23.107
81 2010-06-17 13:04:06 Possible DoS HGOD SynKiller Flooding 61.160.207.192
82 2010-06-17 12:28:50 Possible DoS HGOD SynKiller Flooding 61.160.207.192
83 2010-06-17 12:15:19 DDOS_TYPE_UDP_FLOOD 60.48.230.134
84 2010-06-17 12:09:54 DDOS_TYPE_UDP_FLOOD 99.29.151.53
85 2010-06-17 12:00:13 Possible DoS HGOD SynKiller Flooding 61.160.207.192
86 2010-06-17 11:50:57 Possible DoS HGOD SynKiller Flooding 124.232.141.53
87 2010-06-17 11:45:04 DDOS_TYPE_ICMP_FLOOD 58.247.5.230
88 2010-06-17 11:41:52 DDOS_TYPE_UDP_FLOOD 71.188.98.228
89 2010-06-17 11:41:40 Possible DoS HGOD SynKiller Flooding 218.8.245.123
90 2010-06-17 11:41:22 DDOS_TYPE_UDP_FLOOD 67.188.34.115
91 2010-06-17 11:39:17 DDOS_TYPE_UDP_FLOOD 112.111.0.176
92 2010-06-17 11:39:14 DDOS_TYPE_UDP_FLOOD 164.111.193.6
93 2010-06-17 11:31:13 DDOS_TYPE_UDP_FLOOD 97.52.193.190
94 2010-06-17 11:25:02 DDOS_TYPE_UDP_FLOOD 99.59.72.221
95 2010-06-17 11:24:30 DDOS_TYPE_UDP_FLOOD 60.240.28.30
96 2010-06-17 11:19:51 DDOS_TYPE_UDP_FLOOD 72.134.26.228
97 2010-06-17 11:18:14 DDOS_TYPE_UDP_FLOOD 173.2.96.186
98 2010-06-17 11:18:08 DDOS_TYPE_UDP_FLOOD 112.112.247.11
99 2010-06-17 11:16:24 DDOS_TYPE_UDP_FLOOD 115.232.51.224
100 2010-06-17 11:15:40 Possible DoS HGOD SynKiller Flooding 61.160.207.192
101 2010-06-17 11:13:20 DDOS_TYPE_UDP_FLOOD 173.2.96.186
102 2010-06-17 11:11:35 DDOS_TYPE_UDP_FLOOD 74.192.201.6
103 2010-06-17 11:09:06 DDOS_TYPE_UDP_FLOOD 76.18.22.220
104 2010-06-17 11:07:01 DDOS_TYPE_UDP_FLOOD 74.192.201.6
105 2010-06-17 11:02:07 DDOS_TYPE_UDP_FLOOD 112.112.247.11
106 2010-06-17 10:59:39 DDOS_TYPE_UDP_FLOOD 112.185.68.182
107 2010-06-17 10:58:01 DDOS_TYPE_UDP_FLOOD 218.6.211.121
108 2010-06-17 10:53:40 DDOS_TYPE_UDP_FLOOD 63.97.12.50
109 2010-06-17 10:48:50 DDOS_TYPE_UDP_FLOOD 216.68.64.89
110 2010-06-17 10:40:12 DDOS_TYPE_UDP_FLOOD 169.229.85.115
111 2010-06-17 10:39:53 DDOS_TYPE_UDP_FLOOD 220.173.225.78
112 2010-06-17 10:35:28 DDOS_TYPE_UDP_FLOOD 24.239.143.130
113 2010-06-17 10:34:55 DDOS_TYPE_ICMP_FLOOD 61.153.216.106
114 2010-06-17 10:32:55 DDOS_TYPE_UDP_FLOOD 114.246.64.21
115 2010-06-17 10:31:42 DDOS_TYPE_UDP_FLOOD 70.79.7.122
116 2010-06-17 10:26:15 DDOS_TYPE_UDP_FLOOD 219.77.40.115
117 2010-06-17 09:54:42 Possible DoS HGOD SynKiller Flooding 61.147.72.55
118 2010-06-17 08:19:06 Possible DoS HGOD SynKiller Flooding 218.90.156.107
119 2010-06-17 08:19:05 Possible DoS HGOD SynKiller Flooding 117.135.131.138
120 2010-06-17 08:02:32 Possible DoS HGOD SynKiller Flooding 58.22.138.12
121 2010-06-17 07:29:05 Possible DoS HGOD SynKiller Flooding 222.186.42.141
122 2010-06-17 06:59:24 Possible DoS HGOD SynKiller Flooding 218.8.245.123
123 2010-06-17 05:37:12 Possible DoS HGOD SynKiller Flooding 218.3.121.249
124 2010-06-17 05:11:09 Possible DoS HGOD SynKiller Flooding 118.129.247.35
125 2010-06-17 02:23:43 Possible DoS HGOD SynKiller Flooding 219.140.77.51
126 2010-06-17 02:21:37 Possible DoS HGOD SynKiller Flooding 121.11.86.68
127 2010-06-17 02:10:49 Possible DoS HGOD SynKiller Flooding 222.186.25.17
128 2010-06-17 02:09:02 Possible DoS HGOD SynKiller Flooding 61.147.107.56
129 2010-06-17 01:13:39 DoS MS-SQL Slammer Worm 218.30.22.82
130 2010-06-17 01:10:33 Possible DoS HGOD SynKiller Flooding 58.22.138.12

1 Reply

Ganesh Hariharan
VIP Alumni

Hi,

Denial-of-service attacks can also lead to problems in the network 'branches' around the actual computer being attacked. For example, the bandwidth of a router between the Internet and a LAN may be consumed by an attack, compromising not only the intended computer, but also the entire network.

Check out the link below, which describes a methodology to prevent DoS attacks:

https://bto.bluecoat.com/packetguide/8.5/solutions/security/prevent-dos-attacks.htm

Hope to Help !!

Ganesh.H

Remember to rate the helpful post
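
To check a claim like 'too far apart' against the IPS log in the question, the alert timestamps can be summarized per hour and by the gap between consecutive alerts. This is an added example, not part of the original thread; the sample lines are constructed in the log's layout with documentation-range addresses, and the function names are hypothetical. Each line is one IPS detection, so the result shows how alerts cluster in time, not how much bandwidth the traffic consumed.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample in the layout of the IPS log above:
# index, date, time, signature name, source IP (documentation ranges).
SAMPLE_LOG = """\
1 2010-06-17 11:18:14 DDOS_TYPE_UDP_FLOOD 192.0.2.10
2 2010-06-17 11:18:08 DDOS_TYPE_UDP_FLOOD 198.51.100.7
3 2010-06-17 11:13:20 DDOS_TYPE_UDP_FLOOD 192.0.2.10
4 2010-06-17 10:59:39 DDOS_TYPE_UDP_FLOOD 203.0.113.5
5 2010-06-17 10:34:55 DDOS_TYPE_ICMP_FLOOD 203.0.113.9
6 2010-06-17 08:19:06 Possible DoS HGOD SynKiller Flooding 198.51.100.7
not a log line
"""

# The signature name may contain spaces, so anchor on the trailing IPv4 address.
LINE_RE = re.compile(
    r"^\s*\d+\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.+?)\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def parse_log(text):
    """Return (timestamp, signature, source_ip) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip headers, blank lines and anything malformed
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3)))
    return sorted(events)

def summarize(events):
    """Alert density: counts per hour, per signature, per source, and gaps."""
    times = [e[0] for e in events]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    per_hour = Counter(t.strftime("%Y-%m-%d %H:00") for t in times)
    return {
        "events": len(events),
        "by_signature": Counter(e[1] for e in events),
        "by_source": Counter(e[2] for e in events),
        "busiest_hour": per_hour.most_common(1)[0] if per_hour else None,
        "median_gap_s": median(gaps) if gaps else None,
        "min_gap_s": min(gaps) if gaps else None,
    }

if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(key, value)
```

Comparing the busiest hours from this summary with the ISP's utilization graph for the same period shows whether the alert clusters line up with the saturated intervals.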