Pages

Wednesday, January 23, 2008

DDoS Attack and Portscans by P2P and Servers

For IP Filter dat:
http://whois.domaintools.com/90.25.73.81 (repeated log entries)
http://whois.domaintools.com/72.79.135.50
http://whois.domaintools.com/92.112.10.247 (92.0.0.0/8) (repeated)
http://whois.domaintools.com/124.13.82.125 (repeated log entries)
http://whois.domaintools.com/72.79.138.185 (72.64.0.0/11) (repeated)
http://whois.domaintools.com/72.79.142.186 (repeated)
http://whois.domaintools.com/92.112.5.46
http://whois.domaintools.com/72.79.128.12 (repeated)
http://whois.domaintools.com/60.54.9.133 (repeated)
http://whois.domaintools.com/122.116.116.34
http://whois.domaintools.com/116.15.80.136 (repeated)
http://whois.domaintools.com/84.75.67.250
http://whois.domaintools.com/172.214.18.253 (CIDR: 172.192.0.0/12, 172.208.0.0/13, 172.216.0.0/16) (repeated)
http://whois.domaintools.com/87.175.255.184 (repeated)

*repeated means aggressive attacks (logs shown always this IP)
Be aware from the above IP's! rep to Blocklist filter services (http://www.bluetack.co.uk/forums/index.php blacklist)

3 comments:

Anonymous said...

Who would do such a thing and why I wouldn't know. Did you find out where they are coming form or do they ping different ips or use there own for DDOS?

Anonymous said...

nop they don't ping on different ip's. To post the log the blog is to small. These IP's attack more than xh long ever timestamps repeat quick. Just seen they are already many days active in log. We have done a drop 'no answer' in apf.
Maybe it sound little bit paranoid but they come as soon new releases get seeded at once.

Anonymous said...

on a webseed

Post a Comment