Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
1
Replies

Spurious Traffic

kumarsantosh
Level 1
Level 1

‎03-31-2004 02:10 AM - edited ‎03-09-2019 06:55 AM

Dear All,

We are the ISP,one of our customer he is also an ISP who is taken bandwidth from us.From yesterday he has facing some spurious traffic in his end,maximim attack is from port 80,135.we block the subnet 61.x.x.x,x.x.103.0 at our end.But still the customer is getting such type of huge traffic.I am sending you the log for ur help:

> > 17:02:01.296910 x.x.x.117.3268 > 61.17.101.214.http: S

> 2621461165:2621461165(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)

> > 17:02:01.297028 221.x.x.x.3268 > 61.17.101.214.http: S

> 2621461165:2621461165(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)

> > 17:02:01.297115 x.x1.x.117.3268 > 61.17.101.214.http: S

> > 17:02:02.301512 x.x.x.42.3827 > 61.17.101.14.http: S

> 959486086:959486086(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)

> > 17:02:02.301597 x.x.98.42.3827 > 61.17.101.14.http: S

> 959486086:959486086(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)

> > 17:02:02.301629 x.x.x.42.3827 > 61.17.101.14.http: S

> 959486086:959486086(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)

> > 17:02:02.301712 x.xx.42.3827 > 61.17.101.14.http: S

> 959486086:959486086(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)

> > 17:02:02.301743 x.x.x.42.3827 > 61.17.101.14.http: S

> 959486086:959486086(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)

> > 17:02:02.301826 24.x.x.x.3827 > 61.17.101.14.http: S

> 1630734065:1630734065(0) win 65535 <mss 1380,nop,nop,sackOK> (DF)

> > 17:02:10.364955 x.x.x.16.4283 > 61.17.101.180.135: S

> 1630734065:1630734065(0) win 65535 <mss 1380,nop,nop,sackOK> (DF)

> > 17:02:10.364987 203.x.x.x.4283 > 61.17.101.180.135: S

> 1630734065:1630734065(0) win 65535 <mss 1380,nop,nop,sackOK> (DF)

> > 17:02:10.365094 203.x.x.x.4283 > 61.17.101.180.135: S

> 1630734065:1630734065(0) win 65535 <mss 1380,nop,nop,sackOK> (DF)

> > 17:02:10.365209 203.x.x.16.4283 > 61.17.101.180.135: S

> 1630734065:1630734065(0) win 65535 <mss 1380,nop,nop,sackOK> (DF)

> > 17:02:10.365294 203.x.x.16.4283 > 61.17.101.180.135: S

> 1630734065:1630734065(0) win 65535 <mss 1380,nop,nop,sackOK> (DF)

> > 17:02:10.365330 2x.x.x.16.4283 > 61.x.x.180.135: S

Labels:
0 Helpful
1 Reply 1

lisa.hall
Level 2
Level 2

‎04-08-2004 12:34 PM

Is your customer multihomed?? is so has he blocked there also??

0 Helpful
Customers Also Viewed These Support Documents