beastie.frontfree.net under SYNFLOOD attack!
I have been watching spurious SYN messages, and apparently they have affected beastie.frontfree.net's networking subsystem, namely its mail system. The attack is from 203.81.27.11.
Whois indicates 203.81.27.11 is:
inetnum: 203.81.16.0 - 203.81.31.255
netname: NINET
descr: Net-Infinity Technology Development Ltd
descr: China Internet Service Provider, Beijing
country: CN
admin-c: EC168-AP
tech-c: EC168-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CN-NI
changed: hostmaster@apnic.net 20020108
status: ALLOCATED PORTABLE
source: APNIC
person: Ellis Cheung
address: Level B3, Tower E1
address: The Towers, Oriental Plaza
address: No. 1 East Chang An Ave.
address: Dong Cheng District
address: Beijing, 100738, China
country: CN
phone: +86-10-81586260
fax-no: +86-10-81586287
e-mail: ellis.cheung@net-infinity.net
nic-hdl: EC168-AP
mnt-by: MAINT-CN-NI
changed: ellis.cheung@net-infinity.net 20011217
source: APNIC
Is this a worm, or an attacker? Not sure.
Apparently, the security mechanism at BJUT did NOT protect beastie.frontfree.net. As I have stated before, it must protect itself rather than relying on the badly designed firewall. It is not the fault of the Cisco firewall, but of the bad design by the corporation that designed the firewall system; they apparently lied.
After enabling pf(4)'s SYN proxy mechanism, the attack seems to have been mitigated. I am not sure whether it has actually been defeated, but at least, judging from the log, it is not doing anything useful for the attacker.
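A pf.conf fragment of the kind the paragraph above refers to, added here as an illustration; it is not the configuration from beastie.frontfree.net. The interface name fxp0 and the list of mail ports are assumptions, and the blocked address is the one the whois lookup above identifies.

```pf
# Added example, not beastie.frontfree.net's real pf.conf.
# Assumed: the external interface is fxp0 and the mail services
# listen on the TCP ports listed below.  Adjust both to the host.
ext_if   = "fxp0"
mail_tcp = "{ 25, 110, 143 }"

# The source identified in the whois lookup above.  The table can be
# grown at runtime with:  pfctl -t synflood -T add <address>
table <synflood> persist { 203.81.27.11 }

# A SYN flood exhausts pf's state table as readily as the daemon's
# listen backlog, so bound the table and expire idle states quickly.
set limit states 10000
set optimization aggressive

block in log on $ext_if all
block in quick on $ext_if from <synflood>

# synproxy: pf answers the SYN with its own SYN-ACK and only opens a
# connection to the daemon once the client's ACK completes the
# handshake.  Half-open connections from spoofed sources therefore
# never reach the mail daemon's listen queue.  "synproxy state"
# implies "keep state" and "modulate state"; "flags S/SA" makes the
# rule match only initial SYNs.
pass in on $ext_if proto tcp from any to $ext_if port $mail_tcp \
    flags S/SA synproxy state

pass out on $ext_if all keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. While a flood is running, `pfctl -ss` shows the proxied half-open handshakes as PROXY:SRC states and `pfctl -si` shows how close the state table is to the limit. Two caveats: synproxy only helps while the flooding SYNs never complete the handshake, which is why the mail log above shows the attack achieving nothing rather than disappearing, and pf must see both directions of the connection for the proxy to work, so it is unsuitable on an asymmetrically routed path.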