I don't know what to do.

Discussion in 'Security' started by weput, May 24, 2007.

  1. #1
    Ok guys..
    This is the first time I'm doing the role of system administrator.

    When I ran netstat, this is my output.

    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 ip172.colo.iinet.co:www 211.90.8.227:40604      SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.43:2132        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2175        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3314       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2091        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2089        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3267       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.53.191:3706       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3317       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2130        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2132        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2176        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.43:2131        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.254:4043       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.53.191:3722       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2163        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3268       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.53.191:3705       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.97:4989        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2275        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.43:2140        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2274        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2090        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:mysql      SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3312       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2088        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.122:2182       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.152:1473       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3309       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.254:4026       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3311       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2165        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2172        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3318       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2131        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2169        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2127        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.50.43:2130        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2173        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2092        SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3316       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3319       SYN_RECV   
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27477 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:32936 ip219.evilbitch.com:www ESTABLISHED
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27478 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27457 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13635 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27458 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13636 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27468 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27470 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22898 TIME_WAIT  
    tcp        0      0 server.hidensurfe:32933 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32935 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32917 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32916 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32915 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32910 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 server.hidensurfe:32874 server.hidensurfe:https TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22906 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22908 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.co:www 211.90.8.227:40604      TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13667 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13669 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13671 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13674 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22893 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22892 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22894 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13678 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:14099 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27410 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:14100 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27421 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26372 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27399 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27400 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27406 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27445 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27444 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27449 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.co:www 211.90.8.227:26587      TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13631 ESTABLISHED
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27455 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27425 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27431 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:48427 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27438 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26325 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26327 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.c:bpcd ESTABLISHED
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26329 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27353 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27355 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27354 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13786 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27331 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27330 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26309 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27382 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27385 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27384 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26365 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27390 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27361 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26336 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26338 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26347 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27373 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:26351 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.cu:asp TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:39568 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:12445 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22940 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22942 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:39552 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13696 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22917 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22918 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13709 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22925 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13708 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:22924 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:39599 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13743 TIME_WAIT  
    tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13742 TIME_WAIT  
    udp        0      0 ip172.colo.iinet.:44097 ns1.pacifier.net:domain ESTABLISHED
    Active UNIX domain sockets (w/o servers)
    Proto RefCnt Flags       Type       State         I-Node Path
    unix  4      [ ]         DGRAM                    24098935 /dev/log
    unix  2      [ ]         DGRAM                    24099096 
    unix  2      [ ]         DGRAM                    24098979 
    
    It looks like these people are attacking my server (jobcorp-gary1-gw and 10.43.52.58).

    At the beginning I was thinking that these guys were using proxies and browsing through my site to maximize anonymity, but this output is ridiculous.

    What should I do?
     
    weput, May 24, 2007
  2. daringtakers

    #2
    I think it's a denial of service attack (DDOS)
     
    daringtakers, May 27, 2007
  3. tandac

    #3
    I would look for another explanation.

    10.x.x.x is a non-routable IP address. Assuming there's no IP spoofing going on, I would contact your hosting provider to find out what that IP is.

    Their firewalls/routers should be configured to block obvious IP spoofing attempts.

    jobcorp-gary1-gw looks like a router. Take a closer look at the name and see if it means anything.
     
    tandac, May 27, 2007
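
Added example, not part of any post in this thread: a shell function that tallies half-open (SYN_RECV) connections per remote host from netstat output and marks sources in the private (RFC 1918) ranges that post #3 points out. The function names are made up for this example, the sample rows are a short excerpt of the output in post #1, and running `netstat -n` on the real host avoids the truncated hostnames seen there.

```shell
#!/bin/sh
# Summarise SYN_RECV rows from netstat output on stdin.
# Output: "<count> <remote host> <private|public>", busiest host first.
syn_recv_summary() {
    awk '
        # TCP rows: field 5 is the foreign address:port, field 6 the state
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            host = $5
            sub(/:[^:]*$/, "", host)   # strip the trailing :port
            count[host]++
        }
        END {
            for (h in count) {
                tag = "public"
                # RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
                if (h ~ /^10\./ || h ~ /^192\.168\./ ||
                    h ~ /^172\.(1[6-9]|2[0-9]|3[01])\./)
                    tag = "private"
                printf "%d %s %s\n", count[h], h, tag
            }
        }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Sample input: a few rows excerpted from the netstat output in post #1.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 ip172.colo.iinet.co:www 211.90.8.227:40604      SYN_RECV
tcp        0      0 ip172.colo.iinet.:https 10.43.50.43:2132        SYN_RECV
tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2175        SYN_RECV
tcp        0      0 ip172.colo.iinet.:https 10.43.51.188:3314       SYN_RECV
tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2091        SYN_RECV
tcp        0      0 ip172.colo.iinet.:https 10.43.52.58:2089        SYN_RECV
tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:27477 TIME_WAIT
tcp        0      0 ip172.colo.iinet.:https jobcorp-gary1-gw.:13631 ESTABLISHED
EOF
}

# On a live host: netstat -n | syn_recv_summary
sample_netstat | syn_recv_summary
```

A long list of `private` sources on a public-facing interface is the case to raise with the hosting provider, since those addresses should not arrive from the internet.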