beastie.frontfree.net under SYNFLOOD attack!

2004-06-22 16:34 • 本文约 229 字，阅读大致需要 2 分钟 | Security

I have watched spurious SYN messages and apparantly this has affected beastie.frontfree.net’s networking subsystem, namely, its mail system. The attack is from 203.81.27.11.

Whois indicates 203.81.27.11 is:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
inetnum:      203.81.16.0 - 203.81.31.255
netname:      NINET
descr:        Net-Infinity Technology Development Ltd
descr:        China Internet Service Provider, Beijing
country:      CN
admin-c:      EC168-AP
tech-c:       EC168-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CN-NI
changed:      hostmaster@apnic.net 20020108
status:       ALLOCATED PORTABLE
source:       APNIC

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
person:       Ellis Cheung
address:      Level B3, Tower E1
address:      The Towers, Oriental Plaza
address:      No. 1 East Chang An Ave.
address:      Dong Cheng District
address:      Beijing, 100738, China
country:      CN
phone:        +86-10-81586260
fax-no:       +86-10-81586287
e-mail:       ellis.cheung@net-infinity.net
nic-hdl:      EC168-AP
mnt-by:       MAINT-CN-NI
changed:      ellis.cheung@net-infinity.net 20011217
source:       APNIC

Is this a worm, or an attacker? Not sure.

Apparantly, the security mechanism in BJUT did NOT protected beastie.frontfree.net. As I have stated before, it must protect itself, rather than relying on the badly designed firewall. It’s not a fault of Cisco firewall, but a bad design by the corporation which has designed the firewall system, they apparantly lied.

After enabling pf(4)’s SYN PROXY mechanism, the attack seems to be mitigated. I am not sure whether it is actually defeated, though, but at least, from the log, it does not do anything useful for the attacker.