tcpdump logs

Hi guys

We are getting dos'ed right now
Traffic coming in at 1mb/second

however, box is still up. It appears it can handle it.

Does anyone know what this is? its from tcpdump

Like, what kind of attack, etc

15:51:20.410000 eth0 > 216.18.0.178.42530 > playvideo.gr.http: R 2535981057:2535981057(0) win 0 (DF)
15:51:20.410000 eth0 < npark.de.http > 216.18.0.178.4807: S 2334892519:2334892519(0) ack 2584281089 win 32736 <mss 536>
15:51:20.410000 eth0 > 216.18.0.178.4807 > npark.de.http: R 2584281089:2584281089(0) win 0 (DF)
15:51:20.410000 eth0 < manios.gr.http > 216.18.0.178.5819: S 3375410698:3375410698(0) ack 3865772033 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.5819 > manios.gr.http: R 3865772033:3865772033(0) win 0 (DF)
15:51:20.410000 eth0 < queenstown-wines.com.http > 216.18.0.178.14844: S 3645302934:3645302934(0) ack 2597060609 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.14844 > queenstown-wines.com.http: R 2597060609:2597060609(0) win 0 (DF)
15:51:20.410000 eth0 < jedxx.com.http > 216.18.0.178.5485: S 1410404881:1410404881(0) ack 198443009 win 32736 <mss 536>
15:51:20.410000 eth0 > 216.18.0.178.5485 > jedxx.com.http: R 198443009:198443009(0) win 0 (DF)
15:51:20.410000 eth0 < therowantree.com.http > 216.18.0.178.49269: S 2882913642:2882913642(0) ack 1089601537 win 32736 <mss 536>
15:51:20.410000 eth0 > 216.18.0.178.49269 > therowantree.com.http: R 1089601537:1089601537(0) win 0 (DF)
15:51:20.410000 eth0 < antoniocervo.com.http > 216.18.0.178.61566: S 911714846:911714846(0) ack 2571632641 win 32736 <mss 536>
15:51:20.410000 eth0 > 216.18.0.178.61566 > antoniocervo.com.http: R 2571632641:2571632641(0) win 0 (DF)
15:51:20.410000 eth0 < davidgovett.com.http > 216.18.0.178.51758: S 2114656316:2114656316(0) ack 2667642881 win 32736 <mss 536>
15:51:20.410000 eth0 > 216.18.0.178.51758 > davidgovett.com.http: R 2667642881:2667642881(0) win 0 (DF)
15:51:20.410000 eth0 < adrenaline-sports.com.http > 216.18.0.178.7518: S 2108611651:2108611651(0) ack 2559705089 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.7518 > adrenaline-sports.com.http: R 2559705089:2559705089(0) win 0 (DF)
15:51:20.410000 eth0 < 64.87.8.98.http > 216.18.0.178.15774: S 4012169602:4012169602(0) ack 3035365377 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.15774 > 64.87.8.98.http: R 3035365377:3035365377(0) win 0 (DF)
15:51:20.410000 eth0 < user-1054ibg.biz.mindspring.com.http > 216.18.0.178.51957: S 969557039:969557039(0) ack 2785673217 win 65535 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.51957 > user-1054ibg.biz.mindspring.com.http: R 2785673217:2785673217(0) win 0 (DF)
15:51:20.410000 eth0 < 64.87.93.224.http > 216.18.0.178.20457: S 132640392:132640392(0) ack 2741698561 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.20457 > 64.87.93.224.http: R 2741698561:2741698561(0) win 0 (DF)
15:51:20.410000 eth0 < datanixz.com.http > 216.18.0.178.63123: S 97690408:97690408(0) ack 3977707521 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.63123 > datanixz.com.http: R 3977707521:3977707521(0) win 0 (DF)
15:51:20.410000 eth0 < archcares.com.http > 216.18.0.178.30664: S 955140477:955140477(0) ack 1524563969 win 32768 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.30664 > archcares.com.http: R 1524563969:1524563969(0) win 0 (DF)
15:51:20.410000 eth0 < jrtees.com.http > 216.18.0.178.36310: S 955204766:955204766(0) ack 3902472193 win 32768 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.36310 > jrtees.com.http: R 3902472193:3902472193(0) win 0 (DF)
15:51:20.410000 eth0 < epexperts.com.http > 216.18.0.178.60464: S 13615424:13615424(0) ack 3632398337 win 65535 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.60464 > epexperts.com.http: R 3632398337:3632398337(0) win 0 (DF)
15:51:20.410000 eth0 < msudist.com.http > 216.18.0.178.30937: S 2106656669:2106656669(0) ack 3967614977 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.30937 > msudist.com.http: R 3967614977:3967614977(0) win 0 (DF)
15:51:20.410000 eth0 < sillyfoxx.com.http > 216.18.0.178.31380: S 497586029:497586029(0) ack 608305153 win 65535 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.31380 > sillyfoxx.com.http: R 608305153:608305153(0) win 0 (DF)
15:51:20.410000 eth0 < 64.87.29.169.http > 216.18.0.178.41029: S 3021778499:3021778499(0) ack 1106640897 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.41029 > 64.87.29.169.http: R 1106640897:1106640897(0) win 0 (DF)
15:51:20.410000 eth0 < 64.87.29.170.http > 216.18.0.178.37218: S 3033711957:3033711957(0) ack 3722706945 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.37218 > 64.87.29.170.http: R 3722706945:3722706945(0) win 0 (DF)
15:51:20.410000 eth0 < 64.87.90.148.http > 216.18.0.178.11047: S 3374159490:3374159490(0) ack 3074818049 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.11047 > 64.87.90.148.http: R 3074818049:3074818049(0) win 0 (DF)
15:51:20.410000 eth0 < 64.87.90.162.http > 216.18.0.178.55726: S 570291736:570291736(0) ack 198246401 win 32736 <mss 536>
15:51:20.410000 eth0 > 216.18.0.178.55726 > 64.87.90.162.http: R 198246401:198246401(0) win 0 (DF)
15:51:20.410000 eth0 < ladyjade.org.http > 216.18.0.178.61620: S 3408584994:3408584994(0) ack 3549233153 win 32736 <mss 536>
15:51:20.410000 eth0 > 216.18.0.178.61620 > ladyjade.org.http: R 3549233153:3549233153(0) win 0 (DF)
15:51:20.410000 eth0 < 64.87.93.228.http > 216.18.0.178.4491: S 123101056:123101056(0) ack 228196353 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.4491 > 64.87.93.228.http: R 228196353:228196353(0) win 0 (DF)
15:51:20.410000 eth0 < wallstreetstrategist.com.http > 216.18.0.178.56940: S 955269661:955269661(0) ack 2103115777 win 32768 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.56940 > wallstreetstrategist.com.http: R 2103115777:2103115777(0) win 0 (DF)
15:51:20.410000 eth0 < buffalowyominghomes.com.http > 216.18.0.178.24800: S 2102421002:2102421002(0) ack 3688431617 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.24800 > buffalowyominghomes.com.http: R 3688431617:3688431617(0) win 0 (DF)
15:51:20.410000 eth0 < 64.87.8.99.http > 216.18.0.178.24287: S 4008193800:4008193800(0) ack 1224605697 win 32696 <mss 536> (DF)
15:51:20.410000 eth0 > 216.18.0.178.24287 > 64.87.8.99.http: R 1224605697:1224605697(0) win 0 (DF)
15:51:20.410000 eth0 < digitaleyes.tv.http > 216.18.0.178.56549: S 2020370026:2020370026(0) ack 728432641 win 32736 <mss 536>
15:51:20.410000 eth0 > 216.18.0.178.56549 > digitaleyes.tv.http: R 728432641:728432641(0) win 0 (DF)
15:51:20.410000 eth0 < bronxbuilders.com.http > 216.18.0.178.36132: S 1401108182:1401108182(0) ack 3941531649 win 65535 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.36132 > bronxbuilders.com.http: R 3941531649:3941531649(0) win 0 (DF)
15:51:20.410000 eth0 < dragmaster.com.http > 216.18.0.178.42768: S 955334515:955334515(0) ack 1193607169 win 32768 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.42768 > dragmaster.com.http: R 1193607169:1193607169(0) win 0 (DF)
15:51:20.410000 eth0 < marketemediace.com.http > 216.18.0.178.9035: S 1582483505:1582483505(0) ack 1718681601 win 65535 <mss 536>
15:51:20.410000 eth0 > 216.18.0.178.9035 > marketemediace.com.http: R 1718681601:1718681601(0) win 0 (DF)
15:51:20.410000 eth0 < seabornindustries.com.http > 216.18.0.178.6893: S 1546079610:1546079610(0) ack 524025857 win 65535 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.6893 > seabornindustries.com.http: R 524025857:524025857(0) win 0 (DF)
15:51:20.410000 eth0 < futurepast.com.http > 216.18.0.178.65395: S 976199966:976199966(0) ack 1957560321 win 65535 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.65395 > futurepast.com.http: R 1957560321:1957560321(0) win 0 (DF)
15:51:20.410000 eth0 < atishdavda.com.http > 216.18.0.178.60399: S 734836545:734836545(0) ack 568983553 win 32736 <mss 536>
15:51:20.410000 eth0 > 216.18.0.178.60399 > atishdavda.com.http: R 568983553:568983553(0) win 0 (DF)
15:51:20.410000 eth0 < jhid.com.http > 216.18.0.178.51892: S 969621728:969621728(0) ack 107544577 win 65535 <mss 1460>
15:51:20.410000 eth0 > 216.18.0.178.51892 > jhid.com.http: R 107544577:107544577(0) win 0 (DF)
15:51:20.720000 eth0 < 64.94.17.132.http > 216.18.0.178.6679: S 3615431227:3615431227(0) ack 3468951553 win 32696 <mss 536> (DF)
15:51:20.720000 eth0 < earn-financial-freedom.com.http >
6659 packets received by filter
1842053 packets dropped by kernel
575 packets are not read yet

 

 

 

 

Top