-----Original Message-----
From: root [mailto:root@server.scicube.com]
Sent: Tuesday, March 14, 2006 9:42 AM
To: hostmaster@iadvantage.net
Subject: Urgent: Administrative issue enclosed, please read.

To whom it may concern;

The remote system 203.194.160.150 was logged attacking our host 203.194.195.159, this is an automated warning based on admin contacts from the arin.net whois database. Please do not ignore this message!

203.194.160.150 was found to have exceeded acceptable inbound packet flow, we have as such banned the remote host from our network. However to remove the stress from our carrier providers network, we require your assistance to further investigate this issue and see that it does not occur again.

Enclosed below are log portions detailing the attack on our host, all time stamps are GMT +0800.

Event logs:

Mar 14 09:41:18 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=23789 DF PROTO=TCP SPT=1363 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:19 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=23972 DF PROTO=TCP SPT=1411 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:21 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=24560 DF PROTO=TCP SPT=1363 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:21 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=24576 DF PROTO=TCP SPT=1525 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:22 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=24821 DF PROTO=TCP SPT=1601 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:24 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=25390 DF PROTO=TCP SPT=1525 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:25 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=25613 DF PROTO=TCP SPT=1601 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:35 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=31009 DF PROTO=TCP SPT=3226 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:36 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=31187 DF PROTO=TCP SPT=3263 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:38 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=31935 DF PROTO=TCP SPT=3226 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:39 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=32118 DF PROTO=TCP SPT=3263 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:40 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=32452 DF PROTO=TCP SPT=3634 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:41 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=32646 DF PROTO=TCP SPT=3675 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:43 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=33288 DF PROTO=TCP SPT=3634 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:45 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=33944 DF PROTO=TCP SPT=4003 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:46 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=34227 DF PROTO=TCP SPT=4109 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:49 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=35597 DF PROTO=TCP SPT=4109 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:50 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=36059 DF PROTO=TCP SPT=4626 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:51 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=36313 DF PROTO=TCP SPT=4693 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:53 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=36946 DF PROTO=TCP SPT=4626 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:54 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=37681 DF PROTO=TCP SPT=4693 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:55 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=39026 DF PROTO=TCP SPT=1504 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:56 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=39496 DF PROTO=TCP SPT=1631 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:58 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=41330 DF PROTO=TCP SPT=1504 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:41:59 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.160 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=42019 DF PROTO=TCP SPT=1631 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 14 09:42:00 server kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:11:11:bc:23:5e:00:30:7b:95:8d:68:08:00 SRC=203.194.160.150 DST=203.194.195.159 LEN=48 TOS=0x04 PREC=0x00 TTL=127 ID=42874 DF PROTO=TCP SPT=2444 DPT=99 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)

- Administrative team, Scicube Technology Company