Anybody seeing a pattern here? - SYN flood spoofing

home | blog | Teh Internet | guest blog |rants | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts


- Careful Chrome users, this search box might be "Not secure"



So far, I have had the following IP's become what I assume is the brunt end of a spoofed SYN flood attack:
139.99.118.123 <- observed from a server where I could not block - lasted almost 4 hours!
45.195.133.8
149.56.180.254

Not sure what the connection is, but if someone knows, feel free to let me know.
Not sure what to make of it yet.

Update Oct 1 2018
The spoofing continues.
Seems to now include some Cloudflare, Google User Content, and random other targets.
The rotating behavior is new as well.
Much of the hate seems directed at:
104.27.154.184 - with other hosts in rotation (off and then on again short burst attacks).
35.229.174.32 - seems to be in second place for the disdain.
others... (the burst ones that seem only to be attacked from 1 to 5 minutes at a shot over a 20 to 40 minute interval)
23.247.6.249
35.201.183.114
35.229.174.32
103.37.233.28
103.239.30.128
103.37.233.28
103.49.209.135
103.74.194.188
103.91.58.12
134.175.181.91
149.56.154.192
149.56.154.193
149.56.154.194
149.56.154.195
149.56.180.252
149.56.180.252
149.56.180.253
149.56.180.255
154.85.11.21
167.114.41.148
167.114.41.149
167.114.41.150
167.114.41.150
198.44.230.98
203.205.158.12
203.205.158.22
203.205.158.24
203.205.158.25
203.205.158.44



[æ]