To whom it may concern,

The remote system 209.191.88.133 was logged attacking host 72.36.201.82.
This is an automated warning; please do not ignore this message!

209.191.88.133 was found to have exceeded acceptable inbound packet flow; your
APF (Advanced Policy Firewall) installation on this host is configured
to dispatch this e-mail and/or take other such actions.

This host is set to NOT e-mail remote network administrators of attack
incidents. For your reference, queries sent to arin.net have determined
that an administrative contact for 209.191.88.133 exists at
network-abuse@cc.yahoo-inc.com.
This address should be used for any administrative contact with the remote
network, in an effort to resolve this incident.

Enclosed below are log portions detailing the attack; all time stamps are
GMT -0600.

APF [antidos] log:
Jan 06 06:04:43 server1 antidos(27788): 209.191.88.133:25 -> 72.36.201.82:54023
Jan 06 06:04:43 server1 antidos(27788): 209.191.88.133 -> 72.36.201.82 (DROPPED)
Event logs:
Jan 1 10:20:04 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=44 TOS=0x10 PREC=0x00 TTL=54 ID=29000 DF PROTO=TCP SPT=25 DPT=20509 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Jan 1 10:20:16 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=44 TOS=0x10 PREC=0x00 TTL=54 ID=38301 DF PROTO=TCP SPT=25 DPT=20509 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Jan 1 11:09:03 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=40 TOS=0x10 PREC=0x00 TTL=54 ID=3045 DF PROTO=TCP SPT=25 DPT=24334 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Jan 1 11:09:04 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=98 TOS=0x10 PREC=0x00 TTL=54 ID=3369 DF PROTO=TCP SPT=25 DPT=24334 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 1 11:10:07 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=98 TOS=0x10 PREC=0x00 TTL=54 ID=36811 DF PROTO=TCP SPT=25 DPT=24334 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 1 11:11:11 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=98 TOS=0x10 PREC=0x00 TTL=54 ID=10175 DF PROTO=TCP SPT=25 DPT=24334 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 1 11:12:15 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=98 TOS=0x10 PREC=0x00 TTL=54 ID=43937 DF PROTO=TCP SPT=25 DPT=24334 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 1 11:13:19 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=98 TOS=0x10 PREC=0x00 TTL=54 ID=20207 DF PROTO=TCP SPT=25 DPT=24334 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 1 11:14:23 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=98 TOS=0x10 PREC=0x00 TTL=54 ID=59438 DF PROTO=TCP SPT=25 DPT=24334 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 1 11:16:31 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=98 TOS=0x10 PREC=0x00 TTL=54 ID=450 DF PROTO=TCP SPT=25 DPT=24334 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 1 11:17:35 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=40 TOS=0x10 PREC=0x00 TTL=54 ID=36457 DF PROTO=TCP SPT=25 DPT=24334 WINDOW=65535 RES=0x00 ACK RST URGP=0
Jan 3 12:04:56 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=44 TOS=0x10 PREC=0x00 TTL=54 ID=23383 DF PROTO=TCP SPT=25 DPT=40239 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Jan 4 13:27:45 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=40 TOS=0x10 PREC=0x00 TTL=54 ID=39084 DF PROTO=TCP SPT=25 DPT=49229 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Jan 4 13:28:23 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=155 TOS=0x10 PREC=0x00 TTL=54 ID=11368 DF PROTO=TCP SPT=25 DPT=49229 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 4 13:29:27 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=155 TOS=0x10 PREC=0x00 TTL=54 ID=25233 DF PROTO=TCP SPT=25 DPT=49229 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 4 13:30:31 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=155 TOS=0x10 PREC=0x00 TTL=54 ID=43358 DF PROTO=TCP SPT=25 DPT=49229 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 4 13:31:35 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=155 TOS=0x10 PREC=0x00 TTL=54 ID=61321 DF PROTO=TCP SPT=25 DPT=49229 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 4 13:32:39 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=155 TOS=0x10 PREC=0x00 TTL=54 ID=2313 DF PROTO=TCP SPT=25 DPT=49229 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 4 13:33:43 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=155 TOS=0x10 PREC=0x00 TTL=54 ID=20580 DF PROTO=TCP SPT=25 DPT=49229 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 4 13:34:47 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=155 TOS=0x10 PREC=0x00 TTL=54 ID=17075 DF PROTO=TCP SPT=25 DPT=49229 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 4 13:35:51 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=40 TOS=0x10 PREC=0x00 TTL=54 ID=45542 DF PROTO=TCP SPT=25 DPT=49229 WINDOW=65535 RES=0x00 ACK RST URGP=0
Jan 5 13:38:28 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=40 TOS=0x10 PREC=0x00 TTL=54 ID=389 DF PROTO=TCP SPT=25 DPT=49152 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Jan 5 13:38:47 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=272 TOS=0x10 PREC=0x00 TTL=54 ID=9518 DF PROTO=TCP SPT=25 DPT=49152 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 5 13:39:51 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=272 TOS=0x10 PREC=0x00 TTL=54 ID=13280 DF PROTO=TCP SPT=25 DPT=49152 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 5 13:40:55 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=272 TOS=0x10 PREC=0x00 TTL=54 ID=25143 DF PROTO=TCP SPT=25 DPT=49152 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 5 13:41:59 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=272 TOS=0x10 PREC=0x00 TTL=54 ID=13218 DF PROTO=TCP SPT=25 DPT=49152 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 5 13:43:03 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=272 TOS=0x10 PREC=0x00 TTL=54 ID=24284 DF PROTO=TCP SPT=25 DPT=49152 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 5 13:44:07 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=272 TOS=0x10 PREC=0x00 TTL=54 ID=4283 DF PROTO=TCP SPT=25 DPT=49152 WINDOW=65535 RES=0x00 ACK PSH FIN URGP=0
Jan 5 13:45:11 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=40 TOS=0x10 PREC=0x00 TTL=54 ID=31100 DF PROTO=TCP SPT=25 DPT=49152 WINDOW=65535 RES=0x00 ACK RST URGP=0
Jan 5 15:50:50 server1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:13:20:28:b7:64:00:13:19:30:1f:ff:08:00 SRC=209.191.88.133 DST=72.36.201.82 LEN=44 TOS=0x10 PREC=0x00 TTL=54 ID=35426 DF PROTO=TCP SPT=25 DPT=54023 WINDOW=65535 RES=0x00 ACK SYN URGP=0
- Administrative team, Web for host
<*****@*****.name>