delphij's Chaos


22 Jun 2004 under SYNFLOOD attack!

I have watched spurious SYN messages, and apparently this has affected ’s networking subsystem, namely its mail system. The attack is from

Whois indicates is:

inetnum: -
netname:      NINET
descr:        Net-Infinity Technology Development Ltd
descr:        China Internet Service Provider, Beijing
country:      CN
admin-c:      EC168-AP
tech-c:       EC168-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CN-NI
changed: 20020108
source:       APNIC
person:       Ellis Cheung
address:      Level B3, Tower E1
address:      The Towers, Oriental Plaza
address:      No. 1 East Chang An Ave.
address:      Dong Cheng District
address:      Beijing, 100738, China
country:      CN
phone:        +86-10-81586260
fax-no:       +86-10-81586287
nic-hdl:      EC168-AP
mnt-by:       MAINT-CN-NI
changed: 20011217
source:       APNIC

Is this a worm, or an attacker? Not sure.

Apparently, the security mechanism in BJUT did NOT protect . As I have stated before, it must protect itself rather than rely on the badly designed firewall. It’s not a fault of the Cisco firewall, but a bad design by the corporation that designed the firewall system; they apparently lied.

After enabling pf(4)’s SYN PROXY mechanism, the attack seems to have been mitigated. I am not sure whether it has actually been defeated, but at least, judging from the log, it does not do anything useful for the attacker.
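For reference, this is what the pf(4) SYN proxy setup looks like in pf.conf. It is an added example, not the ruleset from the original post; the interface name, the mail host address and the state limits are assumptions chosen for illustration.

```conf
# Added example, not the original post's ruleset.  Interface, address and
# limit values are assumptions; 192.0.2.0/24 is a documentation range.
ext_if   = "fxp0"         # assumed external interface
mail_srv = "192.0.2.25"   # assumed address of the mail host

# Bound the state table so a flood of half-open connections cannot exhaust it
# (values are illustrative) and expire idle states aggressively.
set limit { states 20000, src-nodes 5000 }
set optimization aggressive

# Default deny, logged, so unsolicited SYNs show up on pflog0.
block in log on $ext_if

# synproxy state: pf answers the client's SYN itself and only creates a state
# and forwards the connection to the mail host after the client completes the
# handshake.  Spoofed SYNs that never answer the SYN-ACK therefore never
# reach the mail daemon's listen queue.
pass in log on $ext_if proto tcp from any to $mail_srv port smtp \
    flags S/SA synproxy state
```

Load it with `pfctl -f /etc/pf.conf` and watch `pfctl -s state` and `tcpdump -n -e -ttt -i pflog0` to confirm that half-open connections are no longer accumulating on the mail host. Two caveats from pf.conf(5): the proxy needs to see both directions of the traffic, so it does not work across asymmetric routing, and it cannot be used when pf is running on a bridge.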