[GTER] attacks
Patrick Tracanelli
eksffa at freebsdbrasil.com.br
Wed Dec 3 16:15:03 -02 2014
> On 03/12/2014, at 15:26, Rodrigo Augusto <rodrigo at 1telecom.com.br> wrote:
>
> Folks, here is an example of the logs generated in nfdump from some flows exported
> by a customer of ours who received an attack today. I changed the destination IP to
> xxxxx to protect our customer.
> Although some of the src IPs are in fact valid and have an "owner", I believe
> they are all spoofing...
> Is there anything to be done in a case like this? The provider is helping us by
> checking which peer the attack (the bandwidth increase) came from, and then talking
> to its peer, and so on... closing in until it is found... there are
> several IPs with many packets per second... this one was still mild, it pushed
> only 2GB of bandwidth, 900kpps...
Very similar to João Carlos's case, except that the UDP packets have a larger average size (300 bytes), which is bad because it uses more bandwidth, hehe.
All of these IPs are from Asia and Eastern Europe as well. Did you notice whether the attack's destination is constant? A single IP or the same CIDR? Following the same line as before, can you avoid announcing the target prefix to those regions? Communities, AS-path prepending, etc. (déjà vu from the other thread): is that feasible?
If not, firewall. But by the time you filter, your bandwidth and throughput will already have been consumed.
Now, it does not look forged to me, only distributed, since most of these source IPs are announced and responding to ICMP or TCP/RST. That is, they are up and in use, which is not an indication that they are not forged, but it is less common.
I recently had an SNMP amplification attack from similar sources, at a customer's border; we blocked by region using the table:
http://ipdeny.com/ipblocks/data/countries/cn.zone
Actually we blocked (cn|az|by|kz|kg|ru|tj|tm|uz|vn).zone
After 2 days and reports from the CSIRT to the operators of the transit AS, the attack stopped. Reporting to the origin AS is in vain when it is CN and KR.
Which are your upstreams? Your customer's, that is. Isn't there a clever anti-Asia community? hehe :) Selectively rejecting announcements to Asia and Europe: since the carrier is supporting you, maybe even without having communities at the ready they can help in that direction if a firewall is not enough.
>
>
>
>
> nfdump -M /var/nfsen/profiles-data/live/xxxxxxxxxxx -T -r
> 2014/12/03/nfcapd.201412030910 -n 200 -s record/flows
> Aggregated flows 190707
> Top 200 flows ordered by flows:
> Date first seen Duration Proto Src IP Addr:Port Dst
> IP Addr:Port Packets Bytes Flows
> Summary: total flows: 1210620, total bytes: 3629034438, total packets:
> 11495709, avg bps: 14252467, avg pps: 5643, avg bpp: 315
> Time window: 2014-11-25 09:34:09 - 2014-11-25 10:08:06
> Total flows processed: 1210620, Blocks skipped: 0, Bytes read: 67795608
> Sys: 0.584s flows/second: 2072855.2 Wall: 0.590s flows/second: 2051317.7
>
> Rodrigo Augusto
> IT Manager, Grupo Connectoway
> http://www.connectoway.com.br <http://www.connectoway.com.br/>
> http://www.1telecom.com.br <http://www.1telecom.com.br/>
> rodrigo at connectoway.com.br <mailto:rodrigo at connectoway.com.br>
> (81) 3497-6060
> (81) 8184-3646
> INOC-DBA 52965*100
>
>
> --
> gter list https://eng.registro.br/mailman/listinfo/gter
--
Patrick Tracanelli
FreeBSD Brasil LTDA.
Tel.: (31) 3516-0800
316601 at sip.freebsdbrasil.com.br
http://www.freebsdbrasil.com.br
"Long live Hanin Elias, Kim Deal!"
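
Added example, not part of the original messages: a Python script that answers the triage questions raised in the reply from nfdump record lines (is the destination constant, what is the average packet size, which source port dominates, and how much of the traffic a per-country CIDR list would cover). The flow lines, the zone contents and all function names are constructed assumptions; the addresses are documentation ranges, not values from the thread.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the plain-integer nfdump record layout shown in the thread.
# All addresses are RFC 5737 documentation ranges, not values from the thread.
SAMPLE_FLOWS = """\
Top 200 flows ordered by flows:
2014-11-25 10:03:17.439 281.240 UDP 203.0.113.10:1900 -> 192.0.2.50:2000 200 64000 15
2014-11-25 10:03:19.699 282.810 UDP 203.0.113.77:1900 -> 192.0.2.50:2000 100 30000 15
2014-11-25 10:03:07.199 276.210 UDP 198.51.100.5:1900 -> 192.0.2.50:2000 100 32000 15
2014-11-25 10:03:15.889 280.911 UDP 198.51.100.9:53 -> 192.0.2.51:4444 10 1000 1
Summary: total flows: 4
"""

# Constructed stand-in for a per-country zone file (one CIDR per line).
SAMPLE_ZONE = "203.0.113.0/24\n"

# dst is matched as \S+ so a redacted destination (xxx.xxx.xxx.xxx) still parses.
FLOW_RE = re.compile(
    r"^\S+ \S+\s+[\d.]+\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s+"
    r"(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<flows>\d+)\s*$"
)


def parse_flows(text):
    """Return one dict per flow record; header and summary lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        for key in ("sport", "dport", "pkts", "bytes", "flows"):
            rec[key] = int(rec[key])
        rec["src"] = ipaddress.ip_address(rec["src"])
        flows.append(rec)
    return flows


def load_zone(text):
    """Parse a CIDR-per-line zone file, ignoring blank lines and # comments."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            nets.append(ipaddress.ip_network(line))
    return nets


def summarize(flows, zone):
    """Single target? Dominant source port? Share of bytes a region block covers?"""
    total_bytes = sum(f["bytes"] for f in flows)
    total_pkts = sum(f["pkts"] for f in flows)
    by_dst, by_sport = Counter(), Counter()
    zone_bytes = 0
    for f in flows:
        by_dst[f["dst"]] += f["bytes"]
        by_sport[f["sport"]] += f["bytes"]
        if any(f["src"] in net for net in zone):  # linear scan, fine for a sample
            zone_bytes += f["bytes"]
    top_dst, dst_bytes = by_dst.most_common(1)[0]
    top_sport, sport_bytes = by_sport.most_common(1)[0]
    return {
        "sources": len({f["src"] for f in flows}),
        "avg_bpp": total_bytes / total_pkts,
        "top_dst": top_dst, "top_dst_share": dst_bytes / total_bytes,
        "top_sport": top_sport, "top_sport_share": sport_bytes / total_bytes,
        "zone_share": zone_bytes / total_bytes,
    }


if __name__ == "__main__":
    for k, v in summarize(parse_flows(SAMPLE_FLOWS), load_zone(SAMPLE_ZONE)).items():
        print(f"{k}: {v}")
```

A high `top_dst_share` points at a single target prefix, and `zone_share` shows how much of the observed volume a region-based filter would actually match before deciding to deploy it.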