Results 1 to 6 of 6
  1. #1

    ACK-SYNs from ICS IPs

    It looks like someone is spoofing your address to make these connections. This is a common technique to either DDoS these targets, or DDoS you with the reply traffic. Some devices will flood a network with SYN-ACKs if you don't reply with a Reset (try to configure your firewall to not just drop the packets, but to send a reset back. this may reduce the attack volume)

  2. #2

    ACK-SYNs from ICS IPs

    Thank you for your fast reply.

    I will try to force an IP change. Hope it will help.

  3. #3

    ACK-SYNs from ICS IPs

    Did you consider setting syn-cookies if available on this device ?

  4. #4

    ACK-SYNs from ICS IPs

    As I work in Co-Sharing Work place. T do blogging and writing. But when i try to reach more sites of blog or articles, some show we don't allow 2 account on same IP and some times they show your IP is blacklisted. I mailed them but they didn't respond. Any solution for this. Maybe other colleagues in this working place done something terrible on these sites. but is there anyway by that i can Get one new unique ip by that i can access those sites.

  5. #5

    ACK-SYNs from ICS IPs

    I wrote a long and detailed reply yesterday and again today, but neither make it through. Attempt #3...

    It is similar to Mirai. We have been seeing that pattern of SynAcks also since 18th/September - first seen from CloudFlare (CF):

  6. #6
    Volume started very low:
    35 from 18-31st September (23 of which arrived on 2 separate days on 21st and 23rd),
    29 in October (25 on the last day of the month) and then it ramped up significantly to...
    1194 in November and
    2590 in December.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts