xrcode
13-12-2008, 18:18
Ok thank you
OLES this machine is constantly ATTACKING my SERVERS!
oles@ovh.net
13-12-2008, 09:34
xrcode a écrit:
>
> ns202736.ovh.net <---constantly ddosing my servers.
>
>
>
> 14:33:01.742739 IP ns202736.ovh.net > reliableroomhosting.com: udp
you have to send this kind of information to abuse@ovh.net
I fixed this problem, but I prefer next time you send to
abuse@ovh.net. Thanks !
>
> ns202736.ovh.net <---constantly ddosing my servers.
>
>
>
> 14:33:01.742739 IP ns202736.ovh.net > reliableroomhosting.com: udp
you have to send this kind of information to abuse@ovh.net
I fixed this problem, but I prefer next time you send to
abuse@ovh.net. Thanks !
xrcode
13-12-2008, 05:44
I turned off the logging and did straight packet dropping because it takes way less resources too do that, the only thing logged is the byte and packet counters on the drop rule for that machine, have a look at My mrtg graphs on ns60325 and then have a look at the mrtg graphs on the attacking machine ns202736.ovh.net..... it will be quite obvious
Neil
12-12-2008, 14:14
Hello
I am afraid we need more information than that, we need logfiles about the attack. If you are to retrieve if the attack is continuing then send the new files to the address and to customer support and we will deal with it.
I am afraid we need more information than that, we need logfiles about the attack. If you are to retrieve if the attack is continuing then send the new files to the address and to customer support and we will deal with it.
xrcode
12-12-2008, 14:11
It clearly shows 7+GB of dropped packets, if ovh would like ssh access to my server to inspect that is not a problem at all.
xrcode
12-12-2008, 14:09
I did that last time, i didnt even get a response.
[root@reliableroomhosting ~]# iptables -L -t raw -v|less
Chain PREROUTING (policy ACCEPT 1095M packets, 328G bytes)
pkts bytes target prot opt in out source destination
109K 7102M DROP all -- any any ns202736.ovh.net anywhere
Thats all i logged. I didnt save the tcpdumps because i was busy trying to get the attacking servers turned off, there was a ovh server and a dedibox.fr server attacking.
[root@reliableroomhosting ~]# iptables -L -t raw -v|less
Chain PREROUTING (policy ACCEPT 1095M packets, 328G bytes)
pkts bytes target prot opt in out source destination
109K 7102M DROP all -- any any ns202736.ovh.net anywhere
Thats all i logged. I didnt save the tcpdumps because i was busy trying to get the attacking servers turned off, there was a ovh server and a dedibox.fr server attacking.
Neil
12-12-2008, 14:07
Hello
If you send all your logs about the attack and much detail as you can to mailto:abuse@ovh.net then we will deal with it promptly.
If you send all your logs about the attack and much detail as you can to mailto:abuse@ovh.net then we will deal with it promptly.
xrcode
12-12-2008, 13:30
ns202736.ovh.net <---constantly ddosing my servers.
14:33:01.742739 IP ns202736.ovh.net > reliableroomhosting.com: udp
307 packets captured
5681846 packets received by filter
5681084 packets dropped by kernel
[root@reliableroomhosting ~]#
i am seeing 1000mbps of denial of service attack from this machine and a dedibox.fr machine, can you please turn it off oles, check for yourself. it is definately performing malicious tasks.
14:33:01.742739 IP ns202736.ovh.net > reliableroomhosting.com: udp
307 packets captured
5681846 packets received by filter
5681084 packets dropped by kernel
[root@reliableroomhosting ~]#
i am seeing 1000mbps of denial of service attack from this machine and a dedibox.fr machine, can you please turn it off oles, check for yourself. it is definately performing malicious tasks.