  1. #1
    Just Joined!
    Join Date
    Jan 2008
    Posts
    28

    fwsnort firewall not able to detect the DDoS attack


    Hi

    I have installed fwsnort and psad on CentOS.
    I was able to block any unwanted traffic with fwsnort and psad, but I was not able to block the DDoS attack in fwsnort.

    I was creating the DDoS attack via LOIC tools and DosHTTP.

    Please guide me on the same.

  2. #2
    Linux Newbie
    Join Date
    Jan 2013
    Posts
    116
    Hi Niraj,

    Have you added the Snort rule for DDoS? If not, then do it as below and check once; it should work fine.

    Code:
     # fwsnort --include-type ddos
    Thanks

  3. #3
    Just Joined!
    Join Date
    Sep 2007
    Location
    Silver Spring, MD
    Posts
    95
    Yeah, I installed fwsnort on the machine as well.

    I think the first thing you would need to do would be to run fwsnort again on your network and also change the Blacklist section of /etc/fwsnort/fwsnort.conf to add the IP address where the DDoS attack is coming from.

    If you run IPv4:
    Code:
     fwsnort
    If you are running IPv6:
    Code:
     fwsnort -6 or fwsnort --ip6tables
    Then run the following:
    Code:
     /var/lib/fwsnort/fwsnort.sh

     or

     /sbin/iptables-restore < /var/lib/fwsnort/fwsnort.save
    One thing I noticed: when you configure it to run using IPv6, you have to change the HOME_NET to an IPv6 address. I think he should have a HOME_NET6 address to differentiate between the two, but that is just my tidbit for today.

    Todd

  4. #4
    Just Joined!
    Join Date
    Jan 2008
    Posts
    28
    Hi

    @nixsavy

    I ran it with the following command:
    fwsnort --include-type ddos --exclude-sid 408,384,366,368,1087,882

    Then I created the DDoS attack with LOIC tools and checked the /var/log/messages file:

    Apr 29 11:55:34 testing kernel: possible SYN flooding on port 80. Sending cookies.


    It's detecting it like SYN flooding .....

  5. #5
    Linux Newbie
    Join Date
    Jan 2013
    Posts
    116
    SYN flood is a type of DDoS. When someone attacks with TCP packets, that is detected by the server as a SYN flood. You might have created a TCP attack on your server, so your server is detecting it as a SYN flood. For more details of DDoS methods go through https://en.wikipedia.org/wiki/Denial...hods_of_attack. It means your firewall is working fine.

    Thanks

  6. #6
    Just Joined!
    Join Date
    Jan 2008
    Posts
    28
    Hi

    I am able to detect the DDoS attack (SYN flooding ..... as I mentioned above) with fwsnort with psad. I was doing R&D with the psad configuration and I was able to detect the same via fwsnort.

    But there is one problem with that. When I set up the fwsnort firewall with only the following commands

    fwsnort
    /var/lib/fwsnort/fwsnort.sh

    and then browsed my application, which is hosted on this server, I found the following log:
    "WEB-MISC whisker tab splice attack" (sid: 1087)

    I found the above for my server's genuine requests, so I decided to exclude the same in fwsnort. Then I ran the following:

    fwsnort --exclude-sid 1087
    /var/lib/fwsnort/fwsnort.sh

    Then I started the DoS attack again, and this time I was not able to block the DDoS attack.

    Please suggest what I require so that my genuine requests will not be logged in the firewall (meaning the firewall rules should detect them as normal requests) and I am able to block the DDoS attack as well.

  7. #7
    Linux Newbie
    Join Date
    Jan 2013
    Posts
    116
    May this help you.

    Whitelists and blacklists are supported by fwsnort with the WHITELIST and BLACKLIST variables in the /etc/fwsnort/fwsnort.conf file. For example, to ensure that fwsnort never takes action against communications that originate from or are destined for the webserver (IP address 192.168.10.3):

    Code:
    WHITELIST 192.168.10.3;
    Thanks

  8. #8
    Just Joined!
    Join Date
    Jan 2008
    Posts
    28
    @NixSavy

    See, if you have a web server then it will be accessed from anywhere in the world, so a whitelist will not work in that case.

    And I tried this rule earlier: fwsnort --include-type ddos. It does not work. It overrides all the iptables rules and only 21 rules remain in the firewall. So practically this will not work.

  9. #9
    Linux Newbie
    Join Date
    Jan 2013
    Posts
    116
    As you already updated in your last replies:

    Then I created the DDoS attack with LOIC tools and checked the /var/log/messages file:

    Apr 29 11:55:34 testing kernel: possible SYN flooding on port 80. Sending cookies.
    and
    Originally posted by niraj.vara:
    Hi

    I am able to detect the DDoS attack (SYN flooding ..... as I mentioned above) with fwsnort with psad. I was doing R&D with the psad configuration and I was able to detect the same via fwsnort.
    Your firewall was working and now you say it's not??

    How could any fwsnort rule override all the rules of iptables, as fwsnort is designed to translate Snort rules into iptables rules and generate a shell script that implements the resulting iptables commands?

    Can you please give me some more info on what you have specified in the variables below for your webserver:

    HOME_NET
    HTTP_SERVERS
    SMTP_SERVERS
    DNS_SERVERS
    SQL_SERVERS
    TELNET_SERVERS

    also please provide the output of below command:
    Code:
    grep SID1087 /var/log/messages
    Thanks

  10. #10
    Just Joined!
    Join Date
    Jan 2008
    Posts
    28
    Hi

    You have to check practically how it overrides the same.
    See, when I used
    fwsnort
    it loads a thousand rules ....

    but when I load with fwsnort --include-type ddos it loads only a few rules !!!

    I think you should try and check this practically and let me know the same !!!!!

    For these parameters I have used the defaults; I have not changed anything:

    HOME_NET
    HTTP_SERVERS
    SMTP_SERVERS
    DNS_SERVERS
    SQL_SERVERS
    TELNET_SERVERS


    grep SID1087 /var/log/messages


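
One way to triage SID hits such as the SID1087 entries discussed in this thread (an added example, not part of the thread and not fwsnort or psad code): it groups fwsnort LOG lines by SID and source and derives each packet's TCP payload size from LEN and the logged TCP options, because a hit on a packet with no payload cannot be matching HTTP request data. The log lines are constructed, SID9000001 is a placeholder, and the arithmetic assumes IPv4 without IP options and LOG rules that record TCP options.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the iptables LOG format that fwsnort rules produce
# (documentation addresses; SID9000001 is a made-up placeholder SID).
SAMPLE_LOG = """\
Apr 29 15:09:20 host kernel: [7174] SID1087 ESTAB IN=eth1 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=101 DF PROTO=TCP SPT=53145 DPT=80 WINDOW=17520 RES=0x00 ACK URGP=0 OPT (0101050A0000000100000002)
Apr 29 15:09:23 host kernel: [7174] SID1087 ESTAB IN=eth1 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=102 DF PROTO=TCP SPT=53209 DPT=80 WINDOW=17520 RES=0x00 ACK URGP=0 OPT (0101050A0000000300000004)
Apr 29 18:06:56 host kernel: [7169] SID1087 ESTAB IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=103 DF PROTO=TCP SPT=37375 DPT=80 WINDOW=432 RES=0x00 ACK FIN URGP=0 OPT (0101080A0000000500000006)
Apr 29 18:10:02 host kernel: [7200] SID9000001 ESTAB IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=312 TOS=0x00 PREC=0x00 TTL=39 ID=104 DF PROTO=TCP SPT=37380 DPT=80 WINDOW=432 RES=0x00 ACK PSH URGP=0 OPT (0101080A0000000700000008)
Apr 29 18:10:05 host kernel: possible SYN flooding on port 80. Sending cookies.
"""

LINE_RE = re.compile(
    r"\[\d+\] SID(?P<sid>\d+) .*?SRC=(?P<src>\S+) .*?LEN=(?P<len>\d+) "
    r".*?PROTO=TCP .*?RES=0x[0-9a-fA-F]+ (?P<flags>[A-Z ]*?) ?URGP=\d+"
    r"(?: OPT \((?P<opt>[0-9A-Fa-f]+)\))?"
)

def parse_hit(line):
    """Return sid, source, TCP flags and payload size for one fwsnort LOG line."""
    m = LINE_RE.search(line)
    if not m:
        return None  # not an fwsnort SID line (e.g. the kernel SYN-flood notice)
    opt = m.group("opt")
    # LEN is the IP total length: subtract the 20-byte IPv4 header (assumes no
    # IP options), the 20-byte TCP header and the logged TCP options.
    # Without a logged OPT field the TCP header size is unknown.
    payload = None if opt is None else int(m.group("len")) - 40 - len(opt) // 2
    return {"sid": int(m.group("sid")), "src": m.group("src"),
            "flags": m.group("flags").split(), "payload": payload}

def summarize(log_text):
    """Per-SID hit count, hits per source, and distribution of payload sizes."""
    stats = defaultdict(lambda: {"hits": 0, "sources": Counter(), "payloads": Counter()})
    for line in log_text.splitlines():
        hit = parse_hit(line)
        if hit:
            entry = stats[hit["sid"]]
            entry["hits"] += 1
            entry["sources"][hit["src"]] += 1
            entry["payloads"][hit["payload"]] += 1
    return dict(stats)

def payloadless_sids(stats):
    """SIDs whose every logged hit carried zero TCP payload bytes."""
    return sorted(sid for sid, s in stats.items() if set(s["payloads"]) == {0})

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for sid, s in sorted(stats.items()):
        print(sid, s["hits"], dict(s["sources"]), dict(s["payloads"]))
    print("review the generated iptables rule for SIDs:", payloadless_sids(stats))
```

A SID reported by `payloadless_sids` fired only on bare ACK or FIN segments, which points at the generated iptables rule rather than at the web requests themselves.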
