[Project_owners] DOS

Pete Collins pete at mozdev.org
Mon Oct 27 11:19:29 EST 2003


Message I sent to admin today: I notified abuse at race.com and the auto 
responder cited a different IP that has been shut down. So they are 
having problems over there.

This DOS attack looks like the old ones we've experienced in the past.

-----------------------------------------------------------------------

Just today alone, the IP 64.201.107.30 made 57,537 requests to mozdev 
http, mostly to cgi scripts.

I added the IP to the http conf deny list and it appears to be working. 
Looking at the logs, this is the old DOS attack we've witnessed in the 
past.

They are looping through requests for cgi scripts like bugzilla

GET /bugs/enter_bug.cgi?product=mozspam

Iterating through each project one by one.

The IP seems owned by:

       Race Technologies, Inc.
       101 Haskins Way
       South San Francisco, CA 94080


---------------------------------------------------------------------------------------


$ nmap -sS -O 64.201.107.30


Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on  (64.201.107.30):
(The 1594 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
136/tcp    filtered    profile
137/tcp    filtered    netbios-ns
138/tcp    filtered    netbios-dgm
139/tcp    filtered    netbios-ssn
445/tcp    filtered    microsoft-ds
3389/tcp   open        ms-term-serv

------------------------------------------------------------------------------------------

$ traceroute 64.201.107.30
traceroute to 64.201.107.30 (64.201.107.30), 30 hops max, 38 byte packets
 1  devlab (192.168.0.1)  0.380 ms  2.285 ms  0.314 ms
 2  10.23.32.1 (10.23.32.1)  12.204 ms  9.106 ms  8.554 ms
 3  dstswr1-Vl2.rh.hntnny.cv.net (167.206.34.161)  10.355 ms  8.719 ms  7.225 ms
 4  r1-ge9-2.mhe.hcvlny.cv.net (167.206.34.129)  8.695 ms  18.224 ms  8.206 ms
 5  r2-srp5-0.cr.hcvlny.cv.net (167.206.12.37)  9.185 ms  10.265 ms  8.442 ms
 6  r1-srp1-0.wan.hcvlny.cv.net (167.206.12.98)  8.819 ms  12.303 ms  14.618 ms
 7  r2-srp13-0.in.nycmny83.cv.net (167.206.12.148)  8.405 ms  8.336 ms  10.905 ms
 8  so-2-0-0.gar2.NewYork1.Level3.net (167.206.8.62)  10.425 ms  8.113 ms  11.136 ms
 9  ge-1-3-0.bbr2.NewYork1.Level3.net (64.159.1.185)  12.588 ms  10.655 ms  9.710 ms
10  so-0-0-0.mp1.SanFrancisco1.level3.net (209.247.9.117)  85.350 ms  87.003 ms  85.936 ms
11  pos8-0.core2.SanFrancisco1.Level3.net (209.247.10.230)  86.259 ms  85.976 ms  86.037 ms
12  gige7-1.ipcolo2.SanFrancisco1.Level3.net (209.244.14.222)  86.580 ms  93.933 ms  87.731 ms
13  unknown.Level3.net (63.211.153.226)  88.438 ms  87.672 ms  89.228 ms
14  ge0-0-0.gw1.sfrn.ca.rcn.net (208.59.255.20)  89.551 ms  88.586 ms  88.301 ms
15  216.164.74.78 (216.164.74.78)  88.707 ms  88.215 ms *
16  ssfca-core1-gige-1-1.race.com (64.201.96.2)  86.973 ms  88.884 ms  86.687 ms
17  64.201.107.30 (64.201.107.30)  88.761 ms  87.111 ms  87.013 ms

-- 
Pete Collins
www.mozdev.org
www.mozdevgroup.com
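
Added example, not part of the original message: a sketch of how the pattern described above (one client sending many CGI requests while stepping through product= values) can be picked out of an access log. It assumes Apache common/combined log format; the function names, the thresholds and every sample line except the flooding IP and "mozspam" are constructed for illustration, and real thresholds would be far higher.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Common/combined log format prefix: client ident user [time] "METHOD target ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*"')

def find_cgi_floods(lines, min_cgi=5, min_products=4):
    """Return {ip: stats} for clients that send many CGI requests while
    cycling through many distinct product= values."""
    cgi_hits, products = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it
        ip, _method, target = m.groups()
        try:
            url = urlsplit(target)
        except ValueError:
            continue  # unparseable request target
        if not url.path.endswith(".cgi"):
            continue
        cgi_hits[ip] += 1
        products[ip].update(parse_qs(url.query).get("product", []))
    return {ip: {"cgi_requests": n, "distinct_products": len(products[ip])}
            for ip, n in cgi_hits.items()
            if n >= min_cgi and len(products[ip]) >= min_products}

def sample_log():
    """Constructed log lines; only the flooding IP and 'mozspam' come from the message."""
    fmt = '{ip} - - [27/Oct/2003:10:00:{s:02d} -0500] "GET {path} HTTP/1.0" 200 512'
    names = ["mozspam", "proj-a", "proj-b", "proj-c", "proj-d", "proj-e"]
    log = [fmt.format(ip="64.201.107.30", s=i, path="/bugs/enter_bug.cgi?product=" + p)
           for i, p in enumerate(names)]
    # Heavy but legitimate CGI user: many hits, no product iteration.
    log += [fmt.format(ip="192.0.2.10", s=i, path="/bugs/show_bug.cgi?id=%d" % i)
            for i in range(6)]
    # Occasional visitor filing one bug and loading a static page.
    log += [fmt.format(ip="198.51.100.7", s=1, path="/bugs/enter_bug.cgi?product=proj-a"),
            fmt.format(ip="198.51.100.7", s=2, path="/index.html"),
            "garbage line that is not in log format"]
    return log

if __name__ == "__main__":
    for ip, stats in find_cgi_floods(sample_log()).items():
        print(ip, stats)
```

Requiring both a request count and a spread of product values keeps a busy but ordinary Bugzilla user (192.0.2.10 in the sample) off the deny list.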



