Dear MyCERT,

We wish to lodge a complaint of a severe DOS attack to our server with the IP address of xx.xx.xx.241 from an IP address of xx.xx.xx.193 since 17th May 2005. The attack is so aggressive that it brought down our server several times yesterday (17th May) before we decided to blacklist the offending server.

Your kind and quick assistance in this is very much appreciated as the attack has caused downtime to our key applications and has caused our internet access to slow down considerably.

The following is our firewall report for your reference and action. Also attached is a snapshot of our log report.

Firewall hit report:
Time: 18/05/2005 10:42:17
Reason: Blacklisted
Source MAC address: xx-xx-xx-xx-58-38
Destination MAC address: xx-xx-xx-xx-81-56
Source IP address: xx.xx.xx.193 : 4361
Destination IP address: xx.xx.xx.241 : 1025
Protocol: TCP
TCP flags: S
Time-to-live: 127

--------Firewall LOG Indicating the Attack-------
05/18/05 10:30:58 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2056 dst xx.xx.xx.241:135
05/18/05 10:30:58 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2057 dst xx.xx.xx.241:1025
05/18/05 10:30:58 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2058 dst xx.xx.xx.241:445
05/18/05 10:30:58 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2059 dst xx.xx.xx.241:139
05/18/05 10:31:00 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3887 dst xx.xx.xx.241:135
05/18/05 10:31:00 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3888 dst xx.xx.xx.241:1025
05/18/05 10:31:00 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3889 dst xx.xx.xx.241:445
05/18/05 10:31:00 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3890 dst xx.xx.xx.241:139
05/18/05 10:31:00 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3973 dst xx.xx.xx.241:135
05/18/05 10:31:00 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3974 dst xx.xx.xx.241:1025
05/18/05 10:31:00 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3975 dst xx.xx.xx.241:445
05/18/05 10:31:03 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3890 dst xx.xx.xx.241:139
05/18/05 10:31:03 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3973 dst xx.xx.xx.241:135
05/18/05 10:31:04 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2059 dst xx.xx.xx.241:139
05/18/05 10:31:04 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2058 dst xx.xx.xx.241:445
-------------------------
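
An added example, not part of the original report: Python code that parses entries in the firewall log format shown above and tallies the blocked attempts per destination port, counting a repeated source-port/destination-port pair as one flow. The function names and the malformed last sample line are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the "firewall block" entries; \S+ lets the masked addresses through.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) .*firewall block: (?P<proto>\w+) "
    r"src (?P<src>\S+):(?P<sport>\d+) dst (?P<dst>\S+):(?P<dport>\d+)\s*$")

# Seven entries copied from the log above, plus one constructed truncated line.
SAMPLE_LOG = """\
05/18/05 10:30:58 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2056 dst xx.xx.xx.241:135
05/18/05 10:30:58 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2057 dst xx.xx.xx.241:1025
05/18/05 10:30:58 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2058 dst xx.xx.xx.241:445
05/18/05 10:30:58 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2059 dst xx.xx.xx.241:139
05/18/05 10:31:00 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3890 dst xx.xx.xx.241:139
05/18/05 10:31:03 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:3890 dst xx.xx.xx.241:139
05/18/05 10:31:04 Authorisation failure: NAT STATUS: firewall block: TCP src xx.xx.xx.193:2059 dst xx.xx.xx.241:139
05/18/05 10:31:05 Authorisation failure: NAT STATUS: firewall bl
"""

def parse_line(line):
    """Return one block event as a dict, or None if the line is not a block entry."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%y %H:%M:%S")  # log uses MM/DD/YY
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def summarize(log_text):
    """Tally blocked attempts, distinct flows per destination port, and repeats."""
    parsed = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events = [e for e in parsed if e is not None]
    flows = Counter((e["src"], e["sport"], e["dst"], e["dport"]) for e in events)
    times = [e["ts"] for e in events]
    return {
        "blocked": len(events),
        "skipped": len(parsed) - len(events),  # unparseable lines, kept visible
        "distinct_flows": len(flows),
        "flows_per_dst_port": dict(Counter(f[3] for f in flows)),
        "repeated_flows": sorted(f[1:] for f, n in flows.items() if n > 1),
        "span_seconds": (max(times) - min(times)).total_seconds() if times else 0.0,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```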