Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Attacks from Plusnet address space
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Attacks from Plusnet address space
Attacks from Plusnet address space
06-01-2013 5:34 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
My router log for the last 24 hour reads:
I assume IP addresses 84.93.0.0 lie in the Plusnet region [Note my WAN address is 146.90.151.99]
Quote [DoS attack: STORM] attack packets in last 20 sec from ip [84.227.197.91], Saturday, Jan 05,2013 23:38:42
...
[DoS attack: STORM] attack packets in last 20 sec from ip [84.227.197.91], Saturday, Jan 05,2013 21:23:28
...
[DoS attack: IP Spoof] attack packets in last 20 sec from ip [192.168.1.25], Saturday, Jan 05,2013 18:52:13
[DoS attack: IP Spoof] attack packets in last 20 sec from ip [192.168.1.25], Saturday, Jan 05,2013 18:51:28
[DoS attack: IP Spoof] attack packets in last 20 sec from ip [192.168.1.25], Saturday, Jan 05,2013 18:51:05
[DoS attack: IP Spoof] attack packets in last 20 sec from ip [192.168.1.25], Saturday, Jan 05,2013 18:50:37
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [84.93.235.210], Saturday, Jan 05,2013 18:10:09
...
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [84.93.235.210], Saturday, Jan 05,2013 15:35:09
[DoS attack: ACK Scan] attack packets in last 20 sec from ip 84.93.225.58], Saturday, Jan 05,2013 15:34:27
...
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [84.93.225.59], Saturday, Jan 05,2013 11:44:49
...
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [84.93.235.210], Saturday, Jan 05,2013 00:01:06
I assume IP addresses 84.93.0.0 lie in the Plusnet region [Note my WAN address is 146.90.151.99]
Quote jeremy@HECTOR:~$ traceroute 84.93.255.255
traceroute to 84.93.255.255 (84.93.255.255), 30 hops max, 60 byte packets
1 ROUTER (192.168.1.1) 1.845 ms 1.813 ms 1.793 ms
2 lo0-central10.ptw-ag03.plus.net (195.166.128.197) 37.421 ms 38.539 ms 38.524 ms
3 link11-central10.ptw-gw01.plus.net (84.93.248.84) 37.376 ms 37.875 ms 39.063 ms
4 xe-7-2-0.ptw-cr01.plus.net (212.159.1.20) 39.044 ms 39.937 ms 39.918 ms
5 ae1.pcl-cr01.plus.net (195.166.129.1) 39.895 ms 39.885 ms 40.449 ms
6 * * *
...
16 * * po2.pcl-gw01.plus.net (195.166.129.41) 96.530 ms
"In The Beginning Was The Word, And The Word Was Aardvark."
Message 1 of 6
(1,266 Views)
5 REPLIES 5
Re: Attacks from Plusnet address space
06-01-2013 5:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The whole of the 84.93.nnn.nnn range is Plusnet's.
However 84.227.197.91 returns
However 84.227.197.91 returns
Quote inetnum: 84.227.0.0 - 84.227.255.255
netname: SUNRISE-ADSL
descr: sunrise
descr: TDC Switzerland AG
descr: Ruemlang, Switzerland
country: CH
remarks: abuse -> abuse@sunrise.net
Message 2 of 6
(620 Views)
Re: Attacks from Plusnet address space
06-01-2013 5:51 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
nslookup 84.93.225.58 = portal04.servers.plus.net
nslookup 84.93.225.59 = portal05.servers.plus.net
nslookup 84.93.235.210 = 84.93.235.210.broadband.plus.dyn.plus.net
So only 84.93.235.210 appears to be a Plusnet broadband customer.
The "attack" from portal04.servers.plus.net was probably just the portal being a bit slow, and then a whole bunch of packets suddenly arrive all at the same time.
nslookup 84.93.225.59 = portal05.servers.plus.net
nslookup 84.93.235.210 = 84.93.235.210.broadband.plus.dyn.plus.net
So only 84.93.235.210 appears to be a Plusnet broadband customer.
The "attack" from portal04.servers.plus.net was probably just the portal being a bit slow, and then a whole bunch of packets suddenly arrive all at the same time.
Message 3 of 6
(620 Views)
Re: Attacks from Plusnet address space
06-01-2013 6:05 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Estragon: The sun seems to have set on Sunrise.
ejs: Thanks for that - I seem to get a small number of all three kinds of "attack" messages.
Quote jeremy@HECTOR:~$ ping 84.227.197.91
PING 84.227.197.91 (84.227.197.91) 56(84) bytes of data.
^C
--- 84.227.197.91 ping statistics ---
13 packets transmitted, 0 received, 100% packet loss, time 12094ms
ejs: Thanks for that - I seem to get a small number of all three kinds of "attack" messages.
"In The Beginning Was The Word, And The Word Was Aardvark."
Message 4 of 6
(620 Views)
Re: Attacks from Plusnet address space
06-01-2013 6:21 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
sunrise.net "Record expires on 01-01-2014".
If I ping you and your router isn't set to respond t pings, I'd get the same result as we get from sunrise.
If I ping you and your router isn't set to respond t pings, I'd get the same result as we get from sunrise.
Message 5 of 6
(620 Views)
Re: Attacks from Plusnet address space
06-01-2013 6:25 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quite true!
"In The Beginning Was The Word, And The Word Was Aardvark."
Message 6 of 6
(620 Views)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Attacks from Plusnet address space