Telkom ADSL Network under attack?

DarkSkies

Anyone else getting a LOT of traffic from 80.121.?.? range on port 21?

First thought I might have a trojan, scanned my machine and it came up clear. Went on ISDN and I don't get any traffic from that range. Jump on ADSL and it's back again.
 
I also see a lot of crap from that range - eventually just firewalled it off. It's T-Dialup.net or something.

My logs of today...

```
[root@dragon]/var/log/snort: cat ../messages | grep "Feb 19.*SRC=80"
Feb 19 01:32:12 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.14.21.100 DST=212.13.208.159 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=6777 DF PROTO=TCP SPT=1132 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Feb 19 01:32:12 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.14.21.100 DST=212.13.208.160 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=6802 DF PROTO=TCP SPT=1137 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Feb 19 01:32:17 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.14.21.100 DST=212.13.208.227 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=7524 DF PROTO=TCP SPT=1503 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Feb 19 01:32:20 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.14.21.100 DST=212.13.208.227 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=8009 DF PROTO=TCP SPT=1503 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Feb 19 01:32:26 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.14.21.100 DST=212.13.208.227 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=8966 DF PROTO=TCP SPT=1503 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Feb 19 02:57:23 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.105.248.42 DST=212.13.208.159 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=63703 DF PROTO=TCP SPT=4041 DPT=3127 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 19 02:57:23 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.105.248.42 DST=212.13.208.160 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=63704 DF PROTO=TCP SPT=4042 DPT=3127 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 19 02:57:24 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.105.248.42 DST=212.13.208.227 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=63866 DF PROTO=TCP SPT=4109 DPT=3127 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 19 02:57:26 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.105.248.42 DST=212.13.208.160 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=64325 DF PROTO=TCP SPT=4042 DPT=3127 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 19 02:57:26 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.105.248.42 DST=212.13.208.159 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=64330 DF PROTO=TCP SPT=4041 DPT=3127 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 19 02:57:27 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.105.248.42 DST=212.13.208.227 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=64441 DF PROTO=TCP SPT=4109 DPT=3127 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 19 08:20:57 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.53.52.78 DST=212.13.208.159 LEN=78 TOS=0x00 PREC=0x00 TTL=108 ID=46126 PROTO=UDP SPT=1027 DPT=137 LEN=58
Feb 19 08:20:57 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.53.52.78 DST=212.13.208.160 LEN=78 TOS=0x00 PREC=0x00 TTL=108 ID=46382 PROTO=UDP SPT=1027 DPT=137 LEN=58
Feb 19 08:21:07 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.53.52.78 DST=212.13.208.227 LEN=78 TOS=0x00 PREC=0x00 TTL=108 ID=64814 PROTO=UDP SPT=1027 DPT=137 LEN=58
Feb 19 19:25:19 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.131.19.2 DST=212.13.208.159 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=62516 PROTO=TCP SPT=62699 DPT=6129 WINDOW=4096 RES=0x00 SYN URGP=0
Feb 19 19:25:19 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.131.19.2 DST=212.13.208.160 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=62517 PROTO=TCP SPT=62700 DPT=6129 WINDOW=4096 RES=0x00 SYN URGP=0
Feb 19 19:25:19 dragon kernel: Bad packet:IN=eth0 OUT= MAC=fe:fd:d4:0d:d0:9f:00:ff:3b:b7:9a:60:08:00 SRC=80.131.19.2 DST=212.13.208.227 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=62585 PROTO=TCP SPT=62767 DPT=6129 WINDOW=4096 RES=0x00 SYN URGP=0
```

"Since light travels faster than sound, people appear bright until you hear them speak."

NetLink Research
 
Same here. Thought I had inadvertently gone to some site which now had my IP, but it seems to be a general thing. ZoneAlarm has so far blocked all of 127 intrusions, 98 rated high.

Swonk taht eno ylno eht si nidrrym.
 
No, that has nothing to do with spyware; those are dynamic IP ranges from France Telecom and others, most likely just viruses or a botnet, judging by the ports they hit me on.

"Since light travels faster than sound, people appear bright until you hear them speak."

NetLink Research
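
Added example, not part of any post in this thread: a small Python summary of netfilter LOG lines in the format quoted above, reporting each source that probes the same destination port on several addresses and counting a retransmitted SYN once rather than once per log line. The function names `parse` and `sweeps`, the `min_targets` threshold and the sample lines (documentation address ranges) are constructed for illustration.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample in the netfilter LOG format quoted in the thread.
# Addresses are documentation ranges, not values from the thread.
SAMPLE = """\
Feb 19 01:32:12 fw kernel: Bad packet:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=1132 DPT=1433 SYN
Feb 19 01:32:12 fw kernel: Bad packet:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=1137 DPT=1433 SYN
Feb 19 01:32:17 fw kernel: Bad packet:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP SPT=1503 DPT=1433 SYN
Feb 19 01:32:20 fw kernel: Bad packet:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP SPT=1503 DPT=1433 SYN
Feb 19 01:32:26 fw kernel: Bad packet:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP SPT=1503 DPT=1433 SYN
Feb 19 02:57:23 fw kernel: Bad packet:IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=4041 DPT=3127 SYN
Feb 19 02:57:23 fw kernel: Bad packet:IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.11 PROTO=TCP SPT=4042 DPT=3127 SYN
Feb 19 08:20:57 fw kernel: Bad packet:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=1027 DPT=137 LEN=58
Feb 19 08:21:00 fw sshd[411]: unrelated line without packet fields
"""

def parse(line):
    """Return the KEY=value fields of one LOG line, or None if not a packet."""
    fields = dict(FIELD.findall(line))
    return fields if {"SRC", "DST", "PROTO", "DPT"} <= fields.keys() else None

def sweeps(lines, min_targets=3):
    """Map (src, proto, dport) -> stats for sources probing one port on
    at least min_targets distinct destination addresses."""
    seen = defaultdict(lambda: {"lines": 0, "flows": set()})
    for line in lines:
        f = parse(line)
        if f is None:
            continue
        entry = seen[(f["SRC"], f["PROTO"], int(f["DPT"]))]
        entry["lines"] += 1
        # A retransmitted SYN repeats DST and source port; the set keeps one.
        entry["flows"].add((f["DST"], f.get("SPT")))
    report = {}
    for key, entry in seen.items():
        targets = sorted({dst for dst, _ in entry["flows"]})
        if len(targets) >= min_targets:
            report[key] = {"targets": targets, "lines": entry["lines"],
                           "attempts": len(entry["flows"])}
    return report

if __name__ == "__main__":
    for (src, proto, dport), hit in sweeps(SAMPLE.splitlines()).items():
        print(src, proto, dport, hit)
```
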
 