[GTER] ataques

Patrick Tracanelli eksffa at freebsdbrasil.com.br
Wed Dec 3 16:15:03 -02 2014


> On 03/12/2014, at 15:26, Rodrigo Augusto <rodrigo at 1telecom.com.br> wrote:
> 
> Pessoal, segue um exemplo dos logs gerados no nfdump de uns flows exportados
> de um cliente nosso que recebeu um ataque hoje. alterei o ip de destino para
> xxxxx para preservar o nosso cliente.
> Embora os src ip sejam alguns válidos de fato e com łdono˛, acredito que
> sejam todos spoffingŠ
> Tem algo a se fazer em um caso desses? O fornecedor está nos ajudando
> verificando de que peer veio o ataque( a elevacao de banda) e assim falar
> com o seu peer, e assim sucessivamenteŠe ir cercando até encontrarŠsao
> vários ipąs com vários pacotes por segundoŠ essa ainda foi legal, passou
> apenas 2GB de banda 900kppsŠ

Bem parecido com o caso do João Carlos, exceto que os pacotes UDP tem um tamanho médio maior (300 bytes), o que é ruim que gasta mais banda hehe.

Todos esses IPs são asia e leste europeu também. Você notou se o destino do ataque é constante? Um IP ou um mesmo CIDR? Seguindo a mesma linha anterior, consegue evitar anuncio do prefixo alvo para essas regiões? Communities, ASPath prepending, etc (Déjà vu da outra thread) é viável?

Se não for, firewall. So que quando você filtrar ja terá consumido sua banda e sua vazão.

Agora não me parece ser forjado, apenas distribuído, ja que a maioria desses IPs de origem estão anunciados e respondendo icmp ou tcp/rst. Ou seja estão de pé e em uso - o que não é indício de não serem forjados, mas é menos comum.

Recentemente tive ataque de amplificação snmp de origens similares, na borda de um cliente, bloqueamos por região usando a tabela:

http://ipdeny.com/ipblocks/data/countries/cn.zone

Na verdade bloqueamos (cn|az|by|kz|kg|ru|tj|tm|uz|vn).zone

Depois de 2 dias e denuncias do CSIRT aos operadores do AS de transito, o ataque cessou. Denunciar no AS de origem é em vão quando é CN e KR.

Seus upstream são quais? Do seu cliente no caso. Não tem uma community esperta anti-asia não? hehe :) Rejeitar anúncios pra asia e europa seletivamente, ja que a operadora esta apoiando talvez mesmo sem ter communities na agulha eles possam ajudar nesse sentido se um firewall não for suficiente.


> 
> 
> 
> 
> nfdump -M /var/nfsen/profiles-data/live/xxxxxxxxxxx  -T  -r
> 2014/12/03/nfcapd.201412030910 -n 200 -s record/flows
> Aggregated flows 190707
> Top 200 flows ordered by flows:
> Date first seen          Duration Proto      Src IP Addr:Port          Dst
> IP Addr:Port   Packets   Bytes Flows
> 2014-11-25 10:03:17.439   281.240 UDP      110.125.1.203:1900  ->
> xxx.xxx.xxx.xxx:2000      193    63550    15
> 2014-11-25 10:03:19.699   282.810 UDP     184.153.163.26:1900  ->
> xxx.xxx.xxx.xxx:2000       92    30620    15
> 2014-11-25 10:03:07.199   276.210 UDP     74.212.199.178:1900  ->
> xxx.xxx.xxx.xxx:2000       97    31679    15
> 2014-11-25 10:03:15.889   280.911 UDP     76.164.135.230:1900  ->
> xxx.xxx.xxx.xxx:2000      104    34735    15
> 2014-11-25 10:03:16.539   281.160 UDP      223.86.103.60:1900  ->
> xxx.xxx.xxx.xxx:2000      219    70708    15
> 2014-11-25 10:03:09.039   277.170 UDP     76.188.213.136:1900  ->
> xxx.xxx.xxx.xxx:2000      124    41052    15
> 2014-11-25 10:03:20.429   283.200 UDP     76.184.161.101:1900  ->
> xxx.xxx.xxx.xxx:2000      125    41331    15
> 2014-11-25 10:03:17.250   281.459 UDP     112.15.157.230:1900  ->
> xxx.xxx.xxx.xxx:2000      198    64578    15
> 2014-11-25 10:03:20.280   282.979 UDP        112.71.4.58:1900  ->
> xxx.xxx.xxx.xxx:2000      140    47645    15
> 2014-11-25 10:03:08.769   276.921 UDP      114.30.27.241:1900  ->
> xxx.xxx.xxx.xxx:2000       84    26660    15
> 2014-11-25 10:03:17.189   281.371 UDP    112.122.211.170:1900  ->
> xxx.xxx.xxx.xxx:2000      171    55550    15
> 2014-11-25 10:03:17.559   281.640 UDP      114.29.118.54:1900  ->
> xxx.xxx.xxx.xxx:2000      116    36534    15
> 2014-11-25 10:03:15.369   281.391 UDP     221.248.225.14:1900  ->
> xxx.xxx.xxx.xxx:2000        71   25825    15
> 2014-11-25 10:03:16.779   281.301 UDP       1.183.169.99:1900  ->
> xxx.xxx.xxx.xxx:2000      282    91378    15
> 2014-11-25 10:03:13.749   279.651 UDP     111.199.26.173:1900  ->
> xxx.xxx.xxx.xxx:2000       90    28040    15
> 2014-11-25 10:03:19.159   282.300 UDP     110.255.55.121:1900  ->
> xxx.xxx.xxx.xxx:2000      193    61886    15
> 2014-11-25 10:03:19.929   282.950 UDP      183.132.77.60:1900  ->
> xxx.xxx.xxx.xxx:2000      174    56410    15
> 2014-11-25 10:03:09.059   277.190 UDP     110.182.18.179:1900  ->
> xxx.xxx.xxx.xxx:2000      121    39192    15
> 2014-11-25 10:03:13.399   279.380 UDP      221.0.100.118:1900  ->
> xxx.xxx.xxx.xxx:2000      216    69794    15
> 2014-11-25 10:03:08.009   276.680 UDP        74.78.35.12:1900  ->
> xxx.xxx.xxx.xxx:2000      106    34816    15
> 2014-11-25 10:03:20.649   283.250 UDP       113.140.95.2:1900  ->
> xxx.xxx.xxx.xxx:2000       94    29498    15
> 2014-11-25 10:03:07.709   276.480 UDP        186.3.20.73:1900  ->
> xxx.xxx.xxx.xxx:2000       95    30651   15
> 2014-11-25 10:03:14.270   280.119 UDP       76.169.34.99:1900  ->
> xxx.xxx.xxx.xxx:2000      110    36708    15
> 2014-11-25 10:03:07.500   276.319 UDP    220.239.246.222:1900  ->
> xxx.xxx.xxx.xxx:2000      122    40436    15
> 2014-11-25 10:03:08.840   277.049 UDP    112.155.129.111:1900  ->
> xxx.xxx.xxx.xxx:2000      139    43449    15
> 2014-11-25 10:03:08.300   276.899 UDP    186.204.143.161:1900  ->
> xxx.xxx.xxx.xxx:2000      128    42448    15
> 2014-11-25 10:03:13.969   279.840 UDP     111.113.14.234:1900  ->
> xxx.xxx.xxx.xxx:2000      213    68444    15
> 2014-11-25 10:03:08.270   276.889 UDP     76.177.184.194:1900  ->
> xxx.xxx.xxx.xxx:2000       85    28063    15
> 2014-11-25 10:03:19.889   282.841 UDP       74.64.94.225:1900  ->
> xxx.xxx.xxx.xxx:2000      110    36152    15
> 2014-11-25 10:03:17.399   281.491 UDP      113.246.18.86:1900  ->
> xxx.xxx.xxx.xxx:2000      209    67486    15
> 2014-11-25 10:03:16.239   281.100 UDP     184.144.102.17:1900  ->
> xxx.xxx.xxx.xxx:2000       100   32890    15
> 2014-11-25 10:03:09.409   277.350 UDP     183.154.212.26:1900  ->
> xxx.xxx.xxx.xxx:2000      201    65052    15
> 2014-11-25 10:03:19.729   282.840 UDP     77.105.207.197:1900  ->
> xxx.xxx.xxx.xxx:2000      110    32390    15
> 2014-11-25 10:03:12.849   280.670 UDP      222.91.53.166:1900  ->
> xxx.xxx.xxx.xxx:2000      226    72822    15
> 2014-11-25 10:03:08.879   277.110 UDP     186.15.216.134:1900  ->
> xxx.xxx.xxx.xxx:2000      119    39323    15
> 2014-11-25 10:03:14.280   279.909 UDP        221.3.81.70:1900  ->
> xxx.xxx.xxx.xxx:2000      194    62940    15
> 2014-11-25 10:03:12.879   279.190 UDP     75.105.175.230:1900  ->
> xxx.xxx.xxx.xxx:2000       95    31189    15
> 2014-11-25 10:03:08.589   276.970 UDP      76.88.176.191:1900  ->
> xxx.xxx.xxx.xxx:2000       121   40461    15
> 2014-11-25 10:03:15.729   280.730 UDP      220.94.53.175:1900  ->
> xxx.xxx.xxx.xxx:2000      202    65134    15
> 2014-11-25 10:03:09.729   277.550 UDP      223.16.51.201:1900  ->
> xxx.xxx.xxx.xxx:2000        79    25116   15
> 2014-11-25 10:03:07.149   275.941 UDP      111.165.29.32:1900  ->
> xxx.xxx.xxx.xxx:2000      165    53614    15
> 2014-11-25 10:03:20.209   282.961 UDP      220.246.56.60:1900  ->
> xxx.xxx.xxx.xxx:2000      130    38582    15
> 2014-11-25 10:03:09.570   277.430 UDP     183.132.168.13:1900  ->
> xxx.xxx.xxx.xxx:2000      169    55028    15
> 2014-11-25 10:03:07.249   276.160 UDP       114.34.76.61:1900  ->
> xxx.xxx.xxx.xxx:2000       88    27826    15
> 2014-11-25 10:03:07.989   276.740 UDP    184.167.247.185:1900  ->
> xxx.xxx.xxx.xxx:2000       81    26805    15
> 2014-11-25 10:03:07.969   276.421 UDP      113.1.106.181:1900  ->
> xxx.xxx.xxx.xxx:2000      169    54636    15
> 2014-11-25 10:03:09.729   277.600 UDP     184.166.101.67:1900  ->
> xxx.xxx.xxx.xxx:2000      103    34185    15
> 2014-11-25 10:03:14.019   279.860 UDP       1.183.226.19:1900  ->
> xxx.xxx.xxx.xxx:2000      185    60008    15
> 2014-11-25 10:03:13.669   279.550 UDP      222.134.3.102:1900  ->
> xxx.xxx.xxx.xxx:2000      219    70800    15
> 2014-11-25 10:03:16.789   281.301 UDP       112.69.22.86:1900  ->
> xxx.xxx.xxx.xxx:2000      115    38836    15
> 2014-11-25 10:03:07.100   276.090 UDP    112.160.137.133:1900  ->
> xxx.xxx.xxx.xxx:2000       93    28688    15
> 2014-11-25 10:03:07.879   276.551 UDP     112.186.151.94:1900  ->
> xxx.xxx.xxx.xxx:2000      120    37564    15
> 2014-11-25 10:03:14.009   279.990 UDP      75.80.131.195:1900  ->
> xxx.xxx.xxx.xxx:2000      127    41906    15
> 2014-11-25 10:03:09.249   277.270 UDP     114.27.201.148:1900  ->
> xxx.xxx.xxx.xxx:2000      107    35229    15
> 2014-11-25 10:03:07.749   276.340 UDP      39.73.170.137:1900  ->
> xxx.xxx.xxx.xxx:2000      277    89394    15
> 2014-11-25 10:03:07.450   276.399 UDP     111.182.66.144:1900  ->
> xxx.xxx.xxx.xxx:2000      271    87978    15
> 2014-11-25 10:03:09.129   274.620 UDP      75.185.209.71:1900  ->
> xxx.xxx.xxx.xxx:2000      207    60700    15
> 2014-11-25 10:03:20.300   283.109 UDP      74.195.63.180:1900  ->
> xxx.xxx.xxx.xxx:2000       100   31152    15
> 2014-11-25 10:03:13.550   279.639 UDP      222.105.31.50:1900  ->
> xxx.xxx.xxx.xxx:2000       95    29618    15
> 2014-11-25 10:03:20.649   283.220 UDP    112.152.209.172:1900  ->
> xxx.xxx.xxx.xxx:2000      101    31849    15
> 2014-11-25 10:03:20.230   282.940 UDP     112.243.145.48:1900  ->
> xxx.xxx.xxx.xxx:2000      201    65212    15
> 2014-11-25 10:03:20.260   283.159 UDP      184.66.111.75:1900  ->
> xxx.xxx.xxx.xxx:2000      108    34862    15
> 2014-11-25 10:03:09.529   277.530 UDP     221.248.31.125:1900  ->
> xxx.xxx.xxx.xxx:2000      199    73765    15
> 2014-11-25 10:03:07.480   276.309 UDP        1.223.31.51:1900  ->
> xxx.xxx.xxx.xxx:2000      112    35058    15
> 2014-11-25 10:03:09.699   277.711 UDP       76.75.95.192:1900  ->
> xxx.xxx.xxx.xxx:2000       134   39338    15
> 2014-11-25 10:03:07.549   276.310 UDP     222.185.239.29:1900  ->
> xxx.xxx.xxx.xxx:2000      166    54678    15
> 2014-11-25 10:03:16.899   281.360 UDP      222.118.2.251:1900  ->
> xxx.xxx.xxx.xxx:2000       111    34696   15
> 2014-11-25 10:03:16.779   281.301 UDP     112.187.84.122:1900  ->
> xxx.xxx.xxx.xxx:2000       87    26926    15
> 2014-11-25 10:03:16.089   280.741 UDP    220.207.185.155:1900  ->
> xxx.xxx.xxx.xxx:2000      210    68020    15
> 2014-11-25 10:03:15.959   281.030 UDP        74.77.41.87:1900  ->
> xxx.xxx.xxx.xxx:2000      104    34108    15
> 2014-11-25 10:03:20.079   283.000 UDP        74.64.73.54:1900  ->
> xxx.xxx.xxx.xxx:2000      151    49789    15
> 2014-11-25 10:03:19.579   282.640 UDP    221.174.188.111:1900  ->
> xxx.xxx.xxx.xxx:2000      215    69674    15
> 2014-11-25 10:03:14.059   279.890 UDP       113.27.66.74:1900  ->
> xxx.xxx.xxx.xxx:2000      262    84644    15
> 2014-11-25 10:03:09.149   276.660 UDP    222.101.121.147:1900  ->
> xxx.xxx.xxx.xxx:2000      166    54316    15
> 2014-11-25 10:03:09.439   277.420 UDP     184.90.133.234:1900  ->
> xxx.xxx.xxx.xxx:2000       93    29739    15
> 2014-11-25 10:03:19.021   282.498 UDP      184.57.83.104:1900  ->
> xxx.xxx.xxx.xxx:2000       99    32773    15
> 2014-11-25 10:03:19.109   282.410 UDP      113.25.81.160:1900  ->
> xxx.xxx.xxx.xxx:2000      223    72362    15
> 2014-11-25 10:03:09.590   277.380 UDP      223.18.108.39:1900  ->
> xxx.xxx.xxx.xxx:2000       139    41173   15
> 2014-11-25 10:03:20.029   282.771 UDP      110.231.7.183:1900  ->
> xxx.xxx.xxx.xxx:2000      206    66716    15
> 2014-11-25 10:03:17.179   278.721 UDP      76.108.104.99:1900  ->
> xxx.xxx.xxx.xxx:2000      114    34265    15
> 2014-11-25 10:03:20.029   282.990 UDP      75.109.47.136:1900  ->
> xxx.xxx.xxx.xxx:2000      133    36643    15
> 2014-11-25 10:03:20.029   282.741 UDP        39.72.68.54:1900  ->
> xxx.xxx.xxx.xxx:2000      211    68156    15
> 2014-11-25 10:03:09.149   277.070 UDP      183.230.30.92:1900  ->
> xxx.xxx.xxx.xxx:2000      190    61352    15
> 2014-11-25 10:03:19.119   282.370 UDP    183.140.239.116:1900  ->
> xxx.xxx.xxx.xxx:2000      187    60888    15
> 2014-11-25 10:03:07.589   276.391 UDP      1.202.113.123:1900  ->
> xxx.xxx.xxx.xxx:2000      171    55324    15
> 2014-11-25 10:03:06.879   275.730 UDP    112.229.175.109:1900  ->
> xxx.xxx.xxx.xxx:2000      201    65166    15
> 2014-11-25 10:03:20.079   282.920 UDP     114.34.109.251:1900  ->
> xxx.xxx.xxx.xxx:2000       74    23504    15
> 2014-11-25 10:03:19.909   282.851 UDP       1.193.202.64:1900  ->
> xxx.xxx.xxx.xxx:2000      218    70844    15
> 2014-11-25 10:03:20.309   283.240 UDP     75.110.105.222:1900  ->
> xxx.xxx.xxx.xxx:2000       95    31471    15
> 2014-11-25 10:03:08.879   277.191 UDP       75.87.82.176:1900  ->
> xxx.xxx.xxx.xxx:2000      132    43168    15
> 2014-11-25 10:03:14.039   279.900 UDP        1.183.8.200:1900  ->
> xxx.xxx.xxx.xxx:2000      260    84158    15
> 2014-11-25 10:03:08.760   276.910 UDP      111.193.48.82:1900  ->
> xxx.xxx.xxx.xxx:2000      214    69406    15
> 2014-11-25 10:03:16.089   280.850 UDP     111.194.69.134:1900  ->
> xxx.xxx.xxx.xxx:2000      204    65910    15
> 2014-11-25 10:03:20.179   282.870 UDP      221.7.177.103:1900  ->
> xxx.xxx.xxx.xxx:2000      108    36103    15
> 2014-11-25 10:03:07.709   276.310 UDP        39.80.8.244:1900  ->
> xxx.xxx.xxx.xxx:2000      200    64728    15
> 2014-11-25 10:03:08.599   277.020 UDP         74.138.7.2:1900  ->
> xxx.xxx.xxx.xxx:2000      100    32750    15
> 2014-11-25 10:03:07.050   276.079 UDP     220.132.77.214:1900  ->
> xxx.xxx.xxx.xxx:2000      212    69950    15
> 2014-11-25 10:03:14.069   279.751 UDP    110.231.154.249:1900  ->
> xxx.xxx.xxx.xxx:2000      183    59508    15
> 2014-11-25 10:03:06.979   275.812 UDP    221.207.203.210:1900  ->
> xxx.xxx.xxx.xxx:2000      222    71824    15
> 2014-11-25 10:03:07.930   276.749 UDP     111.222.26.200:1900  ->
> xxx.xxx.xxx.xxx:2000      207    66400    15
> 2014-11-25 10:03:08.709   277.080 UDP     184.56.135.108:1900  ->
> xxx.xxx.xxx.xxx:2000      127    41725    15
> 2014-11-25 10:03:19.759   282.670 UDP       39.76.123.60:1900  ->
> xxx.xxx.xxx.xxx:2000      199    64286    15
> 2014-11-25 10:03:08.499   276.771 UDP     221.206.165.14:1900  ->
> xxx.xxx.xxx.xxx:2000      187    60624    15
> 2014-11-25 10:03:16.499   281.040 UDP       110.245.0.96:1900  ->
> xxx.xxx.xxx.xxx:2000      256    82798    15
> 2014-11-25 10:03:13.900   279.409 UDP     222.248.135.26:1900  ->
> xxx.xxx.xxx.xxx:2000       189   61124    15
> 2014-11-25 10:03:16.819   281.311 UDP     112.223.130.68:1900  ->
> xxx.xxx.xxx.xxx:2000       89    28354    15
> 2014-11-25 10:03:16.549   281.070 UDP     110.230.96.101:1900  ->
> xxx.xxx.xxx.xxx:2000      177    57584    15
> 2014-11-25 10:03:19.989   282.870 UDP     114.38.245.251:1900  ->
> xxx.xxx.xxx.xxx:2000       87    27432    15
> 2014-11-25 10:03:09.299   277.410 UDP       76.65.100.93:1900  ->
> xxx.xxx.xxx.xxx:2000       80    26582    15
> 2014-11-25 10:03:07.040   276.179 UDP    222.216.152.249:1900  ->
> xxx.xxx.xxx.xxx:2000       91    28696    15
> 2014-11-25 10:03:20.280   282.999 UDP     222.42.191.141:1900  ->
> xxx.xxx.xxx.xxx:2000      178    57338    15
> 2014-11-25 10:03:07.189   276.260 UDP        76.84.57.22:1900  ->
> xxx.xxx.xxx.xxx:2000        94   31208    15
> 2014-11-25 10:03:07.149   276.000 UDP       113.1.43.167:1900  ->
> xxx.xxx.xxx.xxx:2000      190    61910    15
> 2014-11-25 10:03:07.910   276.460 UDP     76.121.217.129:1900  ->
> xxx.xxx.xxx.xxx:2000       114    38148   15
> 2014-11-25 10:03:07.339   276.080 UDP     112.231.140.64:1900  ->
> xxx.xxx.xxx.xxx:2000      209    67816    15
> 2014-11-25 10:03:08.609   276.470 UDP      75.111.43.100:1900  ->
> xxx.xxx.xxx.xxx:2000      107    31644    15
> 2014-11-25 10:03:08.119   276.590 UDP     112.226.42.121:1900  ->
> xxx.xxx.xxx.xxx:2000      187    60394    15
> 2014-11-25 10:03:08.559   277.040 UDP      75.109.220.77:1900  ->
> xxx.xxx.xxx.xxx:2000       98    31856    15
> 2014-11-25 10:03:16.129   281.030 UDP       185.42.39.54:1900  ->
> xxx.xxx.xxx.xxx:2000       81    25324    15
> 2014-11-25 10:03:20.399   283.161 UDP      184.59.238.15:1900  ->
> xxx.xxx.xxx.xxx:2000      122    39864    15
> 2014-11-25 10:03:20.649   283.120 UDP       39.71.133.31:1900  ->
> xxx.xxx.xxx.xxx:2000      212    68918    15
> 2014-11-25 10:03:18.349   279.291 UDP       74.194.84.25:1900  ->
> xxx.xxx.xxx.xxx:2000      155    43958    15
> 2014-11-25 10:03:10.460   277.840 UDP      112.229.91.50:1900  ->
> xxx.xxx.xxx.xxx:2000      185    59624    15
> 2014-11-25 10:03:07.749   276.470 UDP    220.135.183.224:1900  ->
> xxx.xxx.xxx.xxx:2000       87    26928    15
> 2014-11-25 10:03:20.260   282.900 UDP    110.205.193.235:1900  ->
> xxx.xxx.xxx.xxx:2000       67    21616    15
> 2014-11-25 10:03:09.079   277.090 UDP     112.109.208.62:1900  ->
> xxx.xxx.xxx.xxx:2000      196    64190    15
> 2014-11-25 10:03:07.470   276.199 UDP    221.162.190.166:1900  ->
> xxx.xxx.xxx.xxx:2000       83    25654    15
> 2014-11-25 10:03:09.069   277.300 UDP      75.108.19.236:1900  ->
> xxx.xxx.xxx.xxx:2000       85    26891    15
> 2014-11-25 10:03:16.549   281.501 UDP      112.68.192.83:1900  ->
> xxx.xxx.xxx.xxx:2000      114    38754    15
> 2014-11-25 10:03:13.520   279.689 UDP     76.170.190.166:1900  ->
> xxx.xxx.xxx.xxx:2000      130    42928    15
> 2014-11-25 10:03:08.290   276.789 UDP       223.8.148.60:1900  ->
> xxx.xxx.xxx.xxx:2000      200    65182    15
> 2014-11-25 10:03:20.429   283.120 UDP     110.182.157.26:1900  ->
> xxx.xxx.xxx.xxx:2000      222    72046    15
> 2014-11-25 10:03:14.309   279.890 UDP    112.194.175.126:1900  ->
> xxx.xxx.xxx.xxx:2000      180    58600    15
> 2014-11-25 10:03:08.389   276.660 UDP     221.180.46.143:1900  ->
> xxx.xxx.xxx.xxx:2000      183    59348    15
> 2014-11-25 10:03:09.849   278.990 UDP       186.188.12.7:1900  ->
> xxx.xxx.xxx.xxx:2000       85    27625    15
> 2014-11-25 10:03:20.449   283.050 UDP     112.232.106.45:1900  ->
> xxx.xxx.xxx.xxx:2000      185    59968    15
> 2014-11-25 10:03:07.289   276.200 UDP       1.198.97.217:1900  ->
> xxx.xxx.xxx.xxx:2000      232    74770    15
> 2014-11-25 10:03:08.059   276.660 UDP     112.70.237.232:1900  ->
> xxx.xxx.xxx.xxx:2000       98    30554    15
> 2014-11-25 10:03:15.939   280.851 UDP       1.209.43.228:1900  ->
> xxx.xxx.xxx.xxx:2000      112    34822    15
> 2014-11-25 10:03:08.189   276.540 UDP       39.83.112.25:1900  ->
> xxx.xxx.xxx.xxx:2000      199    64188    15
> 2014-11-25 10:03:19.549   282.680 UDP     112.162.23.134:1900  ->
> xxx.xxx.xxx.xxx:2000        96   29802    15
> 2014-11-25 10:03:15.339   282.630 UDP      77.20.226.136:1900  ->
> xxx.xxx.xxx.xxx:2000      144    42204    15
> 2014-11-25 10:03:19.949   282.700 UDP       221.3.28.180:1900  ->
> xxx.xxx.xxx.xxx:2000      243    78774    15
> 2014-11-25 10:03:17.089   281.361 UDP        113.1.32.54:1900  ->
> xxx.xxx.xxx.xxx:2000      193    62012    15
> 2014-11-25 10:03:19.629   282.780 UDP       76.180.102.0:1900  ->
> xxx.xxx.xxx.xxx:2000       91    30041    15
> 2014-11-25 10:03:07.569   276.330 UDP     221.229.151.27:1900  ->
> xxx.xxx.xxx.xxx:2000      186    61344    15
> 2014-11-25 10:03:20.759   283.250 UDP     112.214.34.172:1900  ->
> xxx.xxx.xxx.xxx:2000       97    30818    15
> 2014-11-25 10:03:08.479   276.950 UDP      2.104.142.249:1900  ->
> xxx.xxx.xxx.xxx:2000       177   51459    15
> 2014-11-25 10:03:07.430   276.299 UDP     221.126.51.133:1900  ->
> xxx.xxx.xxx.xxx:2000      125    41223    15
> 2014-11-25 10:03:20.509   283.160 UDP    221.121.181.237:1900  ->
> xxx.xxx.xxx.xxx:2000       128    43135   15
> 2014-11-25 10:03:09.069   277.100 UDP       1.190.78.141:1900  ->
> xxx.xxx.xxx.xxx:2000      214    69342    15
> 2014-11-25 10:03:08.979   277.040 UDP       220.237.1.29:1900  ->
> xxx.xxx.xxx.xxx:2000      120    39562    15
> 2014-11-25 10:03:07.480   276.269 UDP       113.122.61.2:1900  ->
> xxx.xxx.xxx.xxx:2000      164    53332    15
> 2014-11-25 10:03:15.869   280.790 UDP    111.225.221.211:1900  ->
> xxx.xxx.xxx.xxx:2000      214    68782    15
> 2014-11-25 10:03:08.089   276.690 UDP    111.227.203.249:1900  ->
> xxx.xxx.xxx.xxx:2000      237    76822    15
> 2014-11-25 10:03:09.309   277.291 UDP     76.178.161.150:1900  ->
> xxx.xxx.xxx.xxx:2000      104    33958    15
> 2014-11-25 10:03:21.289   282.660 UDP     74.197.125.199:1900  ->
> xxx.xxx.xxx.xxx:2000      103    30770    15
> 2014-11-25 10:03:07.529   276.420 UDP        75.82.13.27:1900  ->
> xxx.xxx.xxx.xxx:2000      139    45367    15
> 2014-11-25 10:03:20.230   283.009 UDP       222.82.60.62:1900  ->
> xxx.xxx.xxx.xxx:2000      218    70460    15
> 2014-11-25 10:03:07.930   276.520 UDP       111.151.76.7:1900  ->
> xxx.xxx.xxx.xxx:2000      228    74158    15
> 2014-11-25 10:03:19.569   282.610 UDP      39.187.95.132:1900  ->
> xxx.xxx.xxx.xxx:2000      189    60508    15
> 2014-11-25 10:03:13.229   279.470 UDP     111.170.197.54:1900  ->
> xxx.xxx.xxx.xxx:2000      174    56496    15
> 2014-11-25 10:03:19.669   282.810 UDP      74.193.226.91:1900  ->
> xxx.xxx.xxx.xxx:2000      118    38956    15
> 2014-11-25 10:03:13.359   279.580 UDP      74.228.220.52:1900  ->
> xxx.xxx.xxx.xxx:2000      103    34253    15
> 2014-11-25 10:03:14.270   279.979 UDP      222.120.54.86:1900  ->
> xxx.xxx.xxx.xxx:2000       85    26583    15
> 2014-11-25 10:03:08.859   276.960 UDP      112.91.246.94:1900  ->
> xxx.xxx.xxx.xxx:2000      177    57620    15
> 2014-11-25 10:03:16.259   280.911 UDP     112.159.126.16:1900  ->
> xxx.xxx.xxx.xxx:2000      183    59382    15
> 2014-11-25 10:03:16.010   280.879 UDP    113.122.107.235:1900  ->
> xxx.xxx.xxx.xxx:2000      168    54558    15
> 2014-11-25 10:03:08.679   276.930 UDP     183.138.233.72:1900  ->
> xxx.xxx.xxx.xxx:2000      216    70108    15
> 2014-11-25 10:03:19.729   282.630 UDP    112.241.238.179:1900  ->
> xxx.xxx.xxx.xxx:2000      173    55994    15
> 2014-11-25 10:03:13.799   279.640 UDP       39.68.105.45:1900  ->
> xxx.xxx.xxx.xxx:2000      187    60310    15
> 2014-11-25 10:03:16.020   280.959 UDP      76.182.146.53:1900  ->
> xxx.xxx.xxx.xxx:2000      101    33441    15
> 2014-11-25 10:03:16.129   280.850 UDP     112.242.77.241:1900  ->
> xxx.xxx.xxx.xxx:2000      230    74214    15
> 2014-11-25 10:03:20.079   282.960 UDP    184.153.176.134:1900  ->
> xxx.xxx.xxx.xxx:2000      116    38230    15
> 2014-11-25 10:03:19.649   282.710 UDP       184.56.63.88:1900  ->
> xxx.xxx.xxx.xxx:2000      101    33069    15
> 2014-11-25 10:03:20.399   283.070 UDP      222.105.74.26:1900  ->
> xxx.xxx.xxx.xxx:2000      211    68755    15
> 2014-11-25 10:03:20.399   283.171 UDP    184.164.181.219:1900  ->
> xxx.xxx.xxx.xxx:2000        95   30243    15
> 2014-11-25 10:03:19.569   282.600 UDP    221.220.242.226:1900  ->
> xxx.xxx.xxx.xxx:2000      165    53554    15
> 2014-11-25 10:03:08.689   276.971 UDP      220.90.49.195:1900  ->
> xxx.xxx.xxx.xxx:2000       86    26980    15
> 2014-11-25 10:03:20.499   283.251 UDP       77.110.20.63:1900  ->
> xxx.xxx.xxx.xxx:2000      106    31210    15
> 2014-11-25 10:03:09.049   277.051 UDP     112.248.158.17:1900  ->
> xxx.xxx.xxx.xxx:2000      142    46170    15
> 2014-11-25 10:03:08.999   276.220 UDP      186.69.42.232:1900  ->
> xxx.xxx.xxx.xxx:2000      138    40915    15
> 2014-11-25 10:03:16.389   281.360 UDP      76.92.183.240:1900  ->
> xxx.xxx.xxx.xxx:2000      112    36730    15
> 2014-11-25 10:03:13.840   279.669 UDP    112.248.182.178:1900  ->
> xxx.xxx.xxx.xxx:2000      190    61528    15
> 2014-11-25 10:03:07.819   276.631 UDP     74.194.102.101:1900  ->
> xxx.xxx.xxx.xxx:2000      121    39921    15
> 2014-11-25 10:03:05.149   277.680 UDP    220.210.128.131:1900  ->
> xxx.xxx.xxx.xxx:2000       126   42428    15
> 2014-11-25 10:03:07.470   276.130 UDP        39.64.41.91:1900  ->
> xxx.xxx.xxx.xxx:2000      235    76180    15
> 2014-11-25 10:03:06.989   276.020 UDP      222.105.7.232:1900  ->
> xxx.xxx.xxx.xxx:2000      116    36104    15
> 2014-11-25 10:03:07.139   275.951 UDP      113.9.142.172:1900  ->
> xxx.xxx.xxx.xxx:2000      192    62478    15
> 2014-11-25 10:03:19.899   283.120 UDP     113.75.181.143:1900  ->
> xxx.xxx.xxx.xxx:2000      170    55676    15
> 2014-11-25 10:03:07.969   276.640 UDP       75.81.195.75:1900  ->
> xxx.xxx.xxx.xxx:2000       94    30728    15
> 2014-11-25 10:03:09.170   277.229 UDP       111.1.77.108:1900  ->
> xxx.xxx.xxx.xxx:2000      179    57936    15
> 2014-11-25 10:03:16.879   281.281 UDP      220.248.188.7:1900  ->
> xxx.xxx.xxx.xxx:2000       194   63624    15
> 2014-11-25 10:03:15.379   281.690 UDP      75.109.212.72:1900  ->
> xxx.xxx.xxx.xxx:2000      140    39772    15
> 2014-11-25 10:03:13.399   279.600 UDP      76.181.16.176:1900  ->
> xxx.xxx.xxx.xxx:2000       127    41965   15
> 2014-11-25 10:03:20.349   283.610 UDP     222.179.55.155:1900  ->
> xxx.xxx.xxx.xxx:2000      265    87546    15
> 2014-11-25 10:03:13.649   279.701 UDP     76.185.100.109:1900  ->
> xxx.xxx.xxx.xxx:2000       90    28714    15
> 2014-11-25 10:03:08.340   276.909 UDP      75.183.86.213:1900  ->
> xxx.xxx.xxx.xxx:2000      134    43056    15
> 2014-11-25 10:03:09.159   277.230 UDP      222.178.8.193:1900  ->
> xxx.xxx.xxx.xxx:2000      195    64044    15
> 2014-11-25 10:03:07.519   276.220 UDP     110.243.128.66:1900  ->
> xxx.xxx.xxx.xxx:2000      218    70340    15
> Summary: total flows: 1210620, total bytes: 3629034438, total packets:
> 11495709, avg bps: 14252467, avg pps: 5643, avg bpp: 315
> Time window: 2014-11-25 09:34:09 - 2014-11-25 10:08:06
> Total flows processed: 1210620, Blocks skipped: 0, Bytes read: 67795608
> Sys: 0.584s flows/second: 2072855.2 Wall: 0.590s flows/second: 2051317.7
> 
> Rodrigo Augusto
> Gestor de T.I. Grupo Connectoway
> http://www.connectoway.com.br <http://www.connectoway.com.br/>
> http://www.1telecom.com.br <http://www.1telecom.com.br/>
> * rodrigo at connectoway.com.br <mailto:rodrigo at connectoway.com.br>
> ( (81) 3497-6060
> ( (81) 8184-3646
> ( INOC-DBA 52965*100
> 
> 
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter

--
Patrick Tracanelli

FreeBSD Brasil LTDA.
Tel.: (31) 3516-0800
316601 at sip.freebsdbrasil.com.br
http://www.freebsdbrasil.com.br
"Long live Hanin Elias, Kim Deal!"




More information about the gter mailing list