Asians Attack Or?

[Fearless]

Last night shortly before 10:00PM CST the traffic levels to this server went up by a multiple of 6, like a light switch. No ramp up, instant. Initially it was too much for the server to handle and I had to power cycle the server. After power cycling the load levels went right back up. I looked at the logs and a lot of traffic was being dumped by my firewall coming from the 61.0.0.0 block of IPs. I setup the firewall to drop all packets coming from the 61.0.0.0 block and the traffic levels immediately dropped by 1/3.
Still being hit, I looked further into the log files. I found a lot of traffic from the 218.0.0.0 IP block. So I blocked it. The traffic levels dropped again but still higher than normal. Then I looked at the Apache access log file and I saw a lot of traffic coming from 210.0.0.0 IP block going to a site I recently bought from a member here, gamecow.com. After I blocked 210.0.0.0 IP block, the traffic returned to almost normal levels. Then just like it started, the traffic returned to normal levels instantly.

You can see the graphs here http://www.dnforum.com/graphs/graphs.htm

All of the IP blocks originate from Asia Pacific Network Information Centre.

Can anyone shed some light on this? Was there a commercial in Asia that told everyone to go to gamecow.com?

 

[mole]

Machines can be hijacked for attacks greg. If you think its a DDOS attack, it can originate anywhere, so putting a finger on the origin is like staring at the universe with chronic myopic eyes.

 

[Fearless]

Originally posted by mole
Machines can be hijacked for attacks greg. If you think its a DDOS attack, it can originate anywhere

I know that's possible. I'm only reporting the facts I know. Maybe someone else knows something you or I don't know. I don't care for this to happen again.

 

[ctn]

i know i downloaded that java thing and woke up this morning and they was some little java sign there in my task bar, clicked on it and had a list of stuff like garbage collection and all kind of stuff then at the bottom it said clear, copy and something else.

I exited the program quick ,i should have left it there and looked at it later,because i don't know how to get it to come back up.But i did notice at the bottom it said something like www.redsheriff.com
Don't know if it means anything,you might want to go to the website and figure out what it is.Im not a techy so,its blah blah blah to me
It come back up again,what is this stuff

Java(TM) Plug-in: Version 1.4.1_01
Using JRE version 1.4.1_01 Java HotSpot(TM) Client VM
User home directory = C:\WINDOWS

Proxy Configuration: No proxy





----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
----------- RedSheriff Measurement -----------

Privacy: http://www.redsheriff.com/privacy.htm

Record Sent