I don't know what to do.

Discussion in 'Security' started by weput, May 24, 2007.

  1. #1
    Ok guys..
    This is the first time I'm doing the role of system administrator.

    When I ran netstat, this is my output.

    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 ip172.colo.iinet.co:www 211.90.8.227:40604      SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.43:2132        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2175        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3314       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2091        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2089        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3267       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.53.191:3706       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3317       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2130        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2132        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2176        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.43:2131        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.254:4043       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.53.191:3722       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2163        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3268       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.53.191:3705       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.97:4989        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2275        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.43:2140        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2274        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2090        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:mysql      SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3312       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2088        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.122:2182       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.152:1473       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3309       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.254:4026       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3311       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2165        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2172        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3318       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2131        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2169        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2127        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.43:2130        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2173        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2092        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3316       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3319       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27477 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:32936 ip219.evilbitch.com:www ESTABLISHED
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27478 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27457 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13635 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27458 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13636 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27468 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27470 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22898 TIME_WAIT  
    tcp        0      0 server.hidensurfe:32933 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32935 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32917 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32916 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32915 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32910 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32874 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22906 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22908 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.co:www 211.90.8.227:40604      TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13667 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13669 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13671 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13674 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22893 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22892 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22894 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13678 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:14099 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27410 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:14100 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27421 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26372 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27399 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27400 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27406 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27445 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27444 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27449 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.co:www 211.90.8.227:26587      TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13631 ESTABLISHED
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27455 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27425 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27431 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:48427 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27438 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26325 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26327 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.c:bpcd ESTABLISHED
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26329 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27353 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27355 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27354 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13786 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27331 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27330 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26309 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27382 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27385 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27384 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26365 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27390 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27361 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26336 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26338 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26347 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27373 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26351 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.cu:asp TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:39568 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:12445 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22940 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22942 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:39552 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13696 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22917 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22918 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13709 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22925 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13708 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22924 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:39599 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13743 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13742 TIME_WAIT  
    udp        0      0 ip172.colo.iinet.:44097 ns1.pacifier.net:domain ESTABLISHED
    Active UNIX domain sockets (w/o servers)
    Proto RefCnt Flags       Type       State         I-Node Path
    unix  4      [ ]         DGRAM                    24098935 /dev/log
    unix  2      [ ]         DGRAM                    24099096 
    unix  2      [ ]         DGRAM                    24098979 
    
    It looks like these people are attacking my server (jobcorp-gary1-gw and 10.43.52.58).

    At the beginning I was thinking that these guys were using proxies and browse through my site to maximize anonymity, but this output is ridiculous.

    What should I do?
     
    weput, May 24, 2007
  2. daringtakers

    #2
    I think it's a denial of service attack (DDOS)
     
    daringtakers, May 27, 2007
  3. tandac

    #3
    I would look for another explanation.

    10.x.x.x is a non-routable IP address. Assuming there's no IP spoofing going on, I would contact your hosting provider to find out what that IP is.

    Their firewalls/routers should be configured to block obvious IP spoofing attempts.

    jobcorp-gary1-gw looks like a router. Take a closer look at the name and see if it means anything.
     
    tandac, May 27, 2007
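
Added example, not part of any post in this thread: a Python triage of netstat output like the one in post #1, tallying connection states per foreign host and listing the private-range (10.x.x.x) peers that hold half-open SYN_RECV entries, which is the pattern post #3 suggests raising with the hosting provider. The function names are hypothetical, and the sample is a few lines copied from the output above.

```python
import ipaddress
from collections import Counter, defaultdict

# A few lines copied from the netstat output in post #1 (not the full dump).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 ip172.colo.iinet.co:www 211.90.8.227:40604      SYN_RECV
tcp        0      0 ip172.colo.iinet.:https 10.43.50.43:2132        SYN_RECV
tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2175        SYN_RECV
tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2091        SYN_RECV
tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:mysql      SYN_RECV
tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27477 TIME_WAIT
tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13631 ESTABLISHED
udp        0      0 ip172.colo.iinet.:44097 ns1.pacifier.net:domain ESTABLISHED
"""

def parse(text):
    """Yield (foreign_host, state) for each TCP line of netstat output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or f[0] not in ("tcp", "tcp6"):
            continue  # column headers, UDP and UNIX-socket lines
        host, _, _port = f[4].rpartition(":")  # port may be a service name
        yield host, f[5]

def summarize(text):
    """Return {foreign_host: Counter(state -> count)}."""
    table = defaultdict(Counter)
    for host, state in parse(text):
        table[host][state] += 1
    return table

def is_private(host):
    """True for private-range IP literals; False for names (netstat without
    -n resolves and truncates them, so they cannot be classified here)."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def half_open_private(text):
    """Private-range peers holding SYN_RECV entries, busiest first."""
    rows = [(h, c["SYN_RECV"]) for h, c in summarize(text).items()
            if c["SYN_RECV"] and is_private(h)]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for host, n in half_open_private(SAMPLE):
        print(f"{host:15} SYN_RECV={n}")
```

Feeding it `netstat -n` output avoids the truncated, resolved names (such as `jobcorp-gary1-gw.`) that cannot be mapped back to an address range.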