DOS attacked big time FYI

Post by Gob » Mon Jul 26, 2010 9:24 pm

I just had 2 really bad conversations with the tech support crew. Anyway, they were of no help whatsoever, and the last guy kept telling me one of my ADSL services was not connected.

Anyway my problem started around 6.00pm tonight.
The modem kept rebooting itself after connecting for about 15-30 seconds. After much testing, it was only after it authenticated and was actually online.
(It seems, apparently, that the modem was going into an overload.)

The long and short of it is that I just happened to notice in the modem error log, before it rebooted, that this line was repeated every few seconds:
Jan 03 10:01:07 johns.gateway:firewall:info: 97.742 Blocked Prot=17, 41.0.38.166:5144 > 58.96.42.16:5060 -Disallowed Destination IP

A DOS attack.

I changed my IP from the members area and all is fixed (via a wireless connection). At least for the moment.

I looked up the IP details and this is what I got:
IP Location: South Africa South Africa Johannesburg The Ip Block 41.0.0.0/16 Has Been Assigned To Vodacom Bussiness For Isp Bussiness
Resolve Host: mx1.emailbrander.co.za
IP Address: 41.0.38.166
inetnum: 41.0.0.0 - 41.0.255.255
netname: ORG-VA67-AFRINIC
descr: The IP Block 41.0.0.0/16 has been assigned to Vodacom Bussiness for ISP bussiness
country: ZA
admin-c: JH2-AFRINIC
tech-c: JH2-AFRINIC
status: ASSIGNED PA
mnt-by: VODACOM-MNT
remarks: Vodacom Bussiness (ASN 36994)
source: AFRINIC # Filtered
parent: 41.0.0.0 - 41.31.255.255

person: Jacques Hendricks
address: Vodacom PTY (Ltd)
phone: +27 21 9409498
e-mail:
nic-hdl: JH2-AFRINIC
source: AFRINIC # Filtered
Maybe someone at Exetel could look into this and block this range of IPs or something.

cheers
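
An added example, not part of either post: a small parser for the firewall line format quoted above that groups blocked packets by source, protocol and destination port and reports how often each source repeats. The line layout is inferred from the single quoted log line, the sample timestamps after the first are constructed, and `parse`, `summarize` and `SAMPLE` are names made up for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line layout inferred from the one log line quoted in the post (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+:firewall:\w+: \S+ Blocked "
    r"Prot=(?P<proto>\d+), (?P<src>[\d.]+):\d+ > "
    r"[\d.]+:(?P<dport>\d+) -(?P<reason>.*)$")
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}   # IANA protocol numbers
SERVICE = {23: "telnet", 5060: "SIP"}      # IANA registered ports

def parse(line):
    """Return a dict for a 'Blocked' firewall line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The log carries no year; 2000 is a placeholder so intervals can be computed.
    ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    return {"ts": ts, "src": m["src"], "dport": int(m["dport"]),
            "proto": PROTO.get(int(m["proto"]), m["proto"])}

def summarize(lines):
    """Group blocked packets by (source, protocol, destination port)."""
    groups = defaultdict(list)
    for ev in filter(None, map(parse, lines)):
        groups[(ev["src"], ev["proto"], ev["dport"])].append(ev["ts"])
    report = []
    for (src, proto, dport), stamps in groups.items():
        span = (max(stamps) - min(stamps)).total_seconds()
        report.append({"src": src, "proto": proto, "dport": dport,
                       "service": SERVICE.get(dport, "unknown"),
                       "count": len(stamps),
                       "per_min": round(len(stamps) * 60 / span, 1) if span else None})
    return sorted(report, key=lambda r: r["count"], reverse=True)

# First line is the one quoted in the post; the rest are constructed for the example.
SAMPLE = [
    "Jan 03 10:01:07 johns.gateway:firewall:info: 97.742 Blocked Prot=17, 41.0.38.166:5144 > 58.96.42.16:5060 -Disallowed Destination IP",
    "Jan 03 10:01:10 johns.gateway:firewall:info: 100.801 Blocked Prot=17, 41.0.38.166:5144 > 58.96.42.16:5060 -Disallowed Destination IP",
    "Jan 03 10:01:12 johns.gateway:firewall:info: 102.310 Blocked Prot=6, 192.0.2.77:40112 > 58.96.42.16:23 -Disallowed Destination IP",
    "Jan 03 10:01:13 johns.gateway:firewall:info: 103.766 Blocked Prot=17, 41.0.38.166:5144 > 58.96.42.16:5060 -Disallowed Destination IP",
    "Jan 03 10:01:14 johns.gateway: some unrelated line",
    "Jan 03 10:01:16 johns.gateway:firewall:info: 106.790 Blocked Prot=17, 41.0.38.166:5144 > 58.96.42.16:5060 -Disallowed Destination IP",
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

A summary like this, taken from a saved copy of the gateway log, gives the ISP's support staff the source address, protocol, port and repeat rate in one place.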

Re: DOS attacked big time FYI

Post by Dazzled » Mon Jul 26, 2010 10:32 pm

My gateway logs all this rubbish, and I seem to be probed every 15 minutes or so. My "favourite" is a clown from Georgia who appears to be sooling nmap onto me, judging by the traffic. I've been tempted at times to return the favour. I don't have any idea why he comes back from time to time. I've not had a South African - I'll swap you two from the old USSR and two from China for him. Be thankful the router firewall is doing its job.