geekhack
geekhack Community => Off Topic => Topic started by: Psybin on Wed, 11 June 2014, 14:05:21
-
So I was playing around with some settings in my router yesterday and started looking through the logs. I'm by no means a networking pro, but I'm not completely inept, so school me. What does this mean?
I would assume a real DOS attack would be a absolute flood of packets, not just a couple. But is strange that the originating IP address is the address for Geekhack.
Side note I don't work Mondays, and when I'm home and doing homework or what not I just keep a tab open to GH on the topic spy. That's why its two Mondays in a row.
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [67.214.104.143], Monday, Jun 09,2014 15:56:05
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:54:19
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:53:06
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:51:53
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:50:40
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:49:27
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:48:13
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:47:00
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:45:47
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:44:34
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:43:21
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:42:08
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:11:35
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:10:22
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:09:09
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:07:56
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:06:43
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:05:30
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:04:16
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:03:03
-
Most likely a false positive on your firewall/soho router log, probably because geekhack.org validates your source IP address.
-
From what I can tell those two IP's are from different ISP's, take a quick look at the WHOIS records.
-
Ah ok. I figured it was a false positive, was just curious what it was. I don't think I get on many other sites that validate the IP; well not as much as I lurk on GH. I wonder if the gear at work flags anything.
Yea the one IP that's different isn't the geekhack IP, that's something else /shrug
-
2spooks m8
-
pretty sure this was designed to filter out Ripster...
excessive IMHO.. he's still here regardless.... we just don't know which current user he's cloaked under... (http://emoticoner.com/files/emoticons/onion-head/ahaaah-onion-head-emoticon.gif?1292862489)
-
link me the cliffnotes about the ripster deal. I've gleaned some of the story from various posts but not much.
-
false positive, probably due to the proxy configuration that we use here.