Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Too much packets to tcp what does it indicate

[nabeelamjad]

What does it mean is it indicate ddos attacks?

From 58.32.23.4 - 1160 packets to tcp(1034,1036,1046,1055,1072,1084,1086,1097,1108,1109,1124,1138,1144,1146,1161,1174,1179,1180,1199,1206,1208,1237,1242,1275,1295,1296,1298,1313,1335,1 346,1349,1357,1384,1404,1419,1420,1475,1484,1509,1510,1538,1545,1547,1585,1593,1612,1684,1689,1690,1729,1731,1733,1736,1746,1749,1752,1753,1756,1762,1 763,1765,1768,1770,1779,1782,1784,1785,1786,1787,1789,1792,1794,1800,1806,1856,1877,1879,1885,1930,1988,2004,2005,2022,2027,2073,2077,2099,2109,2113,2 177,2178,2179,2180,2184,2185,2206,2237,2259,2266,2267,2282,2288,2313,2333,2500,2562,2565,2574,2585,2615,2617,2618,2657,2664,2666,2674,2686,2687,2808,2 821,2831,2836,2846,2867,2892,2904,2949,2950,2964,2984,2993,3101,3130,3210,3215,3285,3336,3359,3572,3638,3695,3696,3700,3848,3893,3973,4023,4030,4235,4 269,4293,4358,4370,4380,4398,4414,4472,4509,4549,4571,4585,4606,4608,4635,4685,4766,4778,4780,4812,4836,4844,4858,4902,4903,4909,4912,4916,4935,4936,4 937,4943,4955,4989,5534,5940,6245,6250,6256,6264,6367,7359,7564,7940,8538,9338,10203,10462,10763,11037,11332,11348,11462,11606,11633,11971,12177,12213 ,12242,12267,12276,12283,12307,12361,12399,12457,12472,12584,12645,12648,12793,12829,12842,12906,13197,13438,13807,14465,14493,14762,14765,14768,14769 ,14778,14779,14795,14981,15913,16474,16506,17060,17565,18047,18131,18191,18342,19113,20426,20702,21575,22062,22099,22379,22420,22423,22440,22675,22908 ,23100,23747,23766,24121,24248,24315,24365,24372,24411,24420,24425,24436,24486,24494,24639,25290,25507,26122,26702,26923,26975,27213,27302,27357,27409 ,27947,28731,28821,28982,29197,29227,29249,29285,29448,30472,30554,30564,30584,30632,31346,31628,31899,32074,32093,32306,32562,32566,32657,33968,33980 ,34442,34947,35047,35423,35599,35718,36937,38131,38404,38580,38696,38982,38995,38998,39001,39006,39036,39041,39077,39205,39288,39412,39822,39880,39999 ,40052,40942,41197,42090,42424,43419,43570,43991,43992,44917,46356,46515,46661,46669,46675,46814,46904,47594,48257,50086,50088,50316,50481,50511,50667 ,50786,50789,50790,50791,50792,50798,50802,50811,50930,50941,50951,50959,50999,51002,51008,51532,51650,51655,52362,52441,52448,52459,52531,52587,52612 ,53013,53223,53232,53237,53267,53284,53288,53941,54256,54789,55144,55228,55463,55522,55648,55846,56130,56807,57504,57765,57812,57814,58340,58850,59239 ,59945,60101,60150,60418,60648,60929,61313,61334,61431,61553,61733,61841,61848,61854,61857,61915,61921,61980,62035,62163,62403,62588,62899,62998,63081 ,63097,63198,63302,63379,63715,64214,64373,64380,64434,64442,64485,64491,64495,64501,64505,64514,65151)

[gypsy]

From the looks of it, you're getting portscanned by a tool that leaves intervals between ports (nmap?). Happens all the time, don't worry about it. If you start getting flooded with requests that your machine/pipe can't handle, THEN you're being DDoSed.

[nabeelamjad]

Quote:

Originally Posted by gypsy

From the looks of it, you're getting portscanned by a tool that leaves intervals between ports (nmap?). Happens all the time, don't worry about it. If you start getting flooded with requests that your machine/pipe can't handle, THEN you're being DDoSed.

ok thanks brother