Is this a DOS, or not DOS?

Post Reply
webjive
Junior Member
Posts: 11
Joined: 03 Aug 2012, 21:44

Is this a DOS, or not DOS?

Post by webjive »

I keep seeing dozens, sometimes hundreds of class B or C IP's coming to the server with 1 connection with no real performance impact. I never let them stay connected long enough (or they don't) to dig deep into what they are actually doing (I need to thought).

My question is, is there a setting in CSF to watch for a scenario like this and block that B or C class block. This latest one is from the country of IM so, I blocked that whole B class.

Thoughts?

BTW, I've seen hundreds hit from weird small countries.

netstat -ntu | egrep '(:80|:443)' | grep -v LISTEN | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn | grep -v 127.0.0.1
6 94.125.61.185
4 94.125.61.218
4 94.125.61.189
3 94.125.61.94
3 94.125.61.46
3 94.125.61.255
3 94.125.61.249
3 94.125.61.232
3 94.125.61.227
3 94.125.61.224
3 94.125.61.22
3 94.125.61.178
3 94.125.61.176
3 94.125.61.166
3 94.125.61.126
3 94.125.61.117
3 174.209.32.178
3 12.109.223.107
3 112.207.34.91
2 94.125.61.93
2 94.125.61.91
2 94.125.61.86
2 94.125.61.82
2 94.125.61.76
2 94.125.61.68
2 94.125.61.63
2 94.125.61.58
2 94.125.61.52
2 94.125.61.5
2 94.125.61.39
2 94.125.61.35
2 94.125.61.254
2 94.125.61.25
2 94.125.61.246
2 94.125.61.245
2 94.125.61.24
2 94.125.61.233
2 94.125.61.226
2 94.125.61.221
2 94.125.61.219
2 94.125.61.212
2 94.125.61.211
2 94.125.61.205
2 94.125.61.204
2 94.125.61.200
2 94.125.61.2
2 94.125.61.195
2 94.125.61.183
2 94.125.61.171
2 94.125.61.165
2 94.125.61.154
2 94.125.61.147
2 94.125.61.12
2 94.125.61.101
2 94.125.61.1
2 94.125.61.0
2 52.60.34.56
2 35.222.107.235
2 176.58.149.137
2 174.217.5.196
1 94.125.61.99
1 94.125.61.98
1 94.125.61.96
1 94.125.61.9
1 94.125.61.85
1 94.125.61.84
1 94.125.61.83
1 94.125.61.81
1 94.125.61.77
1 94.125.61.75
1 94.125.61.69
1 94.125.61.66
1 94.125.61.64
1 94.125.61.62
1 94.125.61.60
1 94.125.61.6
1 94.125.61.56
1 94.125.61.54
1 94.125.61.53
1 94.125.61.51
1 94.125.61.50
1 94.125.61.49
1 94.125.61.48
1 94.125.61.45
1 94.125.61.43
1 94.125.61.42
1 94.125.61.33
1 94.125.61.31
1 94.125.61.3
1 94.125.61.27
1 94.125.61.252
1 94.125.61.251
1 94.125.61.250
1 94.125.61.244
1 94.125.61.239
1 94.125.61.238
1 94.125.61.235
1 94.125.61.222
1 94.125.61.215
1 94.125.61.214
1 94.125.61.213
1 94.125.61.21
1 94.125.61.209
1 94.125.61.203
1 94.125.61.201
1 94.125.61.20
1 94.125.61.199
1 94.125.61.198
1 94.125.61.196
1 94.125.61.19
1 94.125.61.188
1 94.125.61.184
1 94.125.61.181
1 94.125.61.175
1 94.125.61.174
1 94.125.61.172
1 94.125.61.163
1 94.125.61.162
1 94.125.61.161
1 94.125.61.160
1 94.125.61.16
1 94.125.61.158
1 94.125.61.155
1 94.125.61.153
1 94.125.61.152
1 94.125.61.150
1 94.125.61.145
1 94.125.61.144
1 94.125.61.142
1 94.125.61.140
1 94.125.61.137
1 94.125.61.136
1 94.125.61.134
1 94.125.61.133
1 94.125.61.132
1 94.125.61.130
1 94.125.61.13
1 94.125.61.128
1 94.125.61.127
1 94.125.61.125
1 94.125.61.123
1 94.125.61.122
1 94.125.61.121
1 94.125.61.120
1 94.125.61.115
1 94.125.61.113
1 94.125.61.11
1 94.125.61.108
1 94.125.61.107
1 94.125.61.102
1 64.6.21.28
1 52.4.143.42
1 50.28.98.191
1 47.9.105.33
1 46.229.168.162
1 4.53.111.79
1 36.110.170.69
1 34.74.247.13
1 209.95.50.41
1 176.9.58.227
1 174.217.17.200
1 172.58.97.122
1 107.77.200.199
Post Reply