
Thread: Abuse issue

  1. #1
    Join Date
    Jan 2004
    Location
    <<Canada>>
    Posts
    736

    Abuse issue

    I got abuse issue tickets from FDC today. I installed a new OS a few days ago and only have 2 websites; I know they would not send out any spam email or anything.




    Due to the below email, there is an abuse issue with your server. You have 24hrs
    to respond on how you will correct this issue before we null route the IP.
    Further complaints without action may result in deactivation of your server.

    Thanks for your cooperation.




    --begin disclaimer
    You are receiving this message because you are listed as contact of
    one of the networks or domains involved in this incident. If you are
    not the correct contact please ignore this message.
    --end

    Dear Mr,

    Please investigate the incident described in the following partial log,
    handling it as your AUP permits and reporting the measures to all
    recipients of this message.

    In case of unacceptable treatment or recurrence, restrictive measures
    will be taken to protect the .BR registry.

    Info---------------------------------------------------------------------
    Timezone: GMT -2:00

    The port in question was 10000 - registered in IANA[2] for: Network Data
    Management Protocol

    The e-mail contact was obtained with the following query:
    whois -h whois.lacnic.net 66.90.101.xxx
    Whois-----------------------------------------------------------------------

    % Joint Whois - whois.lacnic.net
    % This server accepts single ASN, IPv4 or IPv6 queries

    OrgName: FDC Servers.net, LLC
    OrgID: FDCSE
    Address: 141 West Jackson Blvd, Suite 1135
    City: Chicago
    StateProv: IL
    PostalCode: 60604
    Country: US

    NetRange: 66.90.64.0 - 66.90.127.255
    CIDR: 66.90.64.0/18
    NetName: FDCSERVERS
    NetHandle: NET-66-90-64-0-1
    Parent: NET-66-0-0-0-0
    NetType: Direct Allocation
    Comment:
    RegDate: 2003-08-18
    Updated: 2004-02-26

    OrgAbuseHandle: ABUSE438-ARIN
    OrgAbuseName: ABUSE department
    OrgAbusePhone: +1-312-913-9304
    OrgAbuseEmail: abuse@fdcservers.net

    OrgNOCHandle: NOC1402-ARIN
    OrgNOCName: Network Operations Center
    OrgNOCPhone: +1-312-913-9304
    OrgNOCEmail: abuse@fdcservers.net

    OrgTechHandle: PKR5-ARIN
    OrgTechName: Kral, Petr
    OrgTechPhone: +1-630-729-0228
    OrgTechEmail: abuse@fdcservers.net

    # ARIN WHOIS database, last updated 2008-01-22 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    Logs-----------------------------------------------------------------------
    Jan 22 11:51:08.961984 66.90.101.xxx.59733 > xxx.xxx.2.8.10000: S [tcp sum
    ok] 1684154077:1684154077(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 47077, len 48)
    Jan 22 11:51:08.962002 66.90.101.xxx.59733 > xxx.xxx.2.15.10000: S [tcp sum
    ok] 2112584473:2112584473(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    116, id 54111, len 48)
    Jan 22 11:51:08.962018 66.90.101.xxx.59733 > xxx.xxx.2.11.10000: S [tcp sum
    ok] 784051742:784051742(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 34960, len 48)
    Jan 22 11:51:08.962043 66.90.101.xxx.59733 > xxx.xxx.2.16.10000: S [tcp sum
    ok] 188686613:188686613(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 8194, len 48)
    Jan 22 11:51:08.962057 66.90.101.xxx.59733 > xxx.xxx.2.10.10000: S [tcp sum
    ok] 1829533742:1829533742(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 26158, len 48)
    Jan 22 11:51:08.962080 66.90.101.xxx.59733 > xxx.xxx.2.12.10000: S [tcp sum
    ok] 1559560773:1559560773(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    116, id 4558, len 48)
    Jan 22 11:51:08.962093 66.90.101.xxx.59733 > xxx.xxx.2.9.10000: S [tcp sum
    ok] 60930635:60930635(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117, id
    551, len 48)
    Jan 22 11:51:08.965238 66.90.101.xxx.59733 > xxx.xxx.2.3.10000: S [tcp sum
    ok] 1935758257:1935758257(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    116, id 30880, len 48)
    Jan 22 11:51:08.965255 66.90.101.xxx.59733 > xxx.xxx.2.6.10000: S [tcp sum
    ok] 320818338:320818338(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
    id 64458, len 48)
    Jan 22 11:51:08.965269 66.90.101.xxx.59733 > xxx.xxx.2.5.10000: S [tcp sum
    ok] 1008076437:1008076437(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    116, id 61696, len 48)
    Jan 22 11:51:08.965358 66.90.101.xxx.59733 > xxx.xxx.2.7.10000: S [tcp sum
    ok] 1245430327:1245430327(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 36480, len 48)
    Jan 22 11:51:08.965457 66.90.101.xxx.59733 > xxx.xxx.2.4.10000: S [tcp sum
    ok] 793274186:793274186(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 61857, len 48)
    Jan 22 11:51:09.021874 66.90.101.xxx.59733 > xxx.xxx.3.3.10000: S [tcp sum
    ok] 1996503177:1996503177(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 52385, len 48)
    Jan 22 11:51:09.021889 66.90.101.xxx.59733 > xxx.xxx.3.2.10000: S [tcp sum
    ok] 889471784:889471784(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 47750, len 48)
    Jan 22 11:51:09.021901 66.90.101.xxx.59733 > xxx.xxx.3.10.10000: S [tcp sum
    ok] 1172132754:1172132754(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    116, id 4789, len 48)
    Jan 22 11:51:09.021913 66.90.101.xxx.59733 > xxx.xxx.3.6.10000: S [tcp sum
    ok] 996827291:996827291(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 35755, len 48)
    Jan 22 11:51:09.021977 66.90.101.xxx.59733 > xxx.xxx.3.7.10000: S [tcp sum
    ok] 2042869772:2042869772(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 40982, len 48)
    Jan 22 11:51:09.021997 66.90.101.xxx.59733 > xxx.xxx.3.15.10000: S [tcp sum
    ok] 634319381:634319381(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 30669, len 48)
    Jan 22 11:51:09.022027 66.90.101.xxx.59733 > xxx.xxx.3.11.10000: S [tcp sum
    ok] 2131637759:2131637759(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 27812, len 48)
    Jan 22 11:51:09.022039 66.90.101.xxx.59733 > xxx.xxx.3.14.10000: S [tcp sum
    ok] 1309555074:1309555074(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 10431, len 48)
    Jan 22 11:51:09.022142 66.90.101.xxx.59733 > xxx.xxx.3.25.10000: S [tcp sum
    ok] 989958199:989958199(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
    id 45799, len 48)
    Jan 22 11:51:09.022191 66.90.101.xxx.59733 > xxx.xxx.3.24.10000: S [tcp sum
    ok] 101883680:101883680(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 49362, len 48)
    Jan 22 11:51:09.022257 66.90.101.xxx.59733 > xxx.xxx.3.26.10000: S [tcp sum
    ok] 210025634:210025634(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
    id 59831, len 48)
    Jan 22 11:51:09.022311 66.90.101.xxx.59733 > xxx.xxx.3.27.10000: S [tcp sum
    ok] 1944286393:1944286393(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 32133, len 48)
    Jan 22 11:51:09.022354 66.90.101.xxx.59733 > xxx.xxx.3.29.10000: S [tcp sum
    ok] 528531788:528531788(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 60511, len 48)
    Jan 22 11:51:09.022366 66.90.101.xxx.59733 > xxx.xxx.3.30.10000: S [tcp sum
    ok] 1256955455:1256955455(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 46928, len 48)
    Jan 22 11:51:09.022454 66.90.101.xxx.59733 > xxx.xxx.3.28.10000: S [tcp sum
    ok] 917687525:917687525(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 11226, len 48)
    Jan 22 11:51:09.022466 66.90.101.xxx.59733 > xxx.xxx.3.31.10000: S [tcp sum
    ok] 740855272:740855272(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 46629, len 48)
    Jan 22 11:51:09.025217 66.90.101.xxx.59733 > xxx.xxx.3.0.10000: S [tcp sum
    ok] 1932864041:1932864041(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 10616, len 48)
    Jan 22 11:51:09.025331 66.90.101.xxx.59733 > xxx.xxx.3.9.10000: S [tcp sum
    ok] 166285570:166285570(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
    id 59532, len 48)
    Jan 22 11:51:09.025368 66.90.101.xxx.59733 > xxx.xxx.3.1.10000: S [tcp sum
    ok] 945510895:945510895(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 16635, len 48)
    Jan 22 11:51:09.025381 66.90.101.xxx.59733 > xxx.xxx.3.12.10000: S [tcp sum
    ok] 1458343556:1458343556(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    116, id 45004, len 48)
    Jan 22 11:51:09.025401 66.90.101.xxx.59733 > xxx.xxx.3.5.10000: S [tcp sum
    ok] 1553092366:1553092366(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 15188, len 48)
    Jan 22 11:51:09.025413 66.90.101.xxx.59733 > xxx.xxx.3.16.10000: S [tcp sum
    ok] 1619343055:1619343055(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    116, id 55400, len 48)
    Jan 22 11:51:09.025477 66.90.101.xxx.59733 > xxx.xxx.3.4.10000: S [tcp sum
    ok] 721764457:721764457(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 62736, len 48)
    Jan 22 11:51:09.025515 66.90.101.xxx.59733 > xxx.xxx.3.8.10000: S [tcp sum
    ok] 626624473:626624473(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 39994, len 48)
    Jan 22 11:51:09.025529 66.90.101.xxx.59733 > xxx.xxx.3.19.10000: S [tcp sum
    ok] 83345541:83345541(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116, id
    26960, len 48)
    Jan 22 11:51:09.025549 66.90.101.xxx.59733 > xxx.xxx.3.20.10000: S [tcp sum
    ok] 486329073:486329073(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
    id 48354, len 48)
    Jan 22 11:51:09.025570 66.90.101.xxx.59733 > xxx.xxx.3.21.10000: S [tcp sum
    ok] 152174292:152174292(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
    id 62177, len 48)
    Jan 22 11:51:09.025582 66.90.101.xxx.59733 > xxx.xxx.3.17.10000: S [tcp sum
    ok] 420713422:420713422(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
    id 36980, len 48)
    Jan 22 11:51:09.025594 66.90.101.xxx.59733 > xxx.xxx.3.13.10000: S [tcp sum
    ok] 2056062441:2056062441(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 59477, len 48)
    Jan 22 11:51:09.025606 66.90.101.xxx.59733 > xxx.xxx.3.22.10000: S [tcp sum
    ok] 1508406195:1508406195(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    116, id 33126, len 48)
    Jan 22 11:51:09.025627 66.90.101.xxx.59733 > xxx.xxx.3.23.10000: S [tcp sum
    ok] 571253529:571253529(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
    id 34639, len 48)
    Jan 22 11:51:09.025826 66.90.101.xxx.59733 > xxx.xxx.3.32.10000: S [tcp sum
    ok] 2073225781:2073225781(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    116, id 10712, len 48)
    Jan 22 11:51:09.025967 66.90.101.xxx.59733 > xxx.xxx.3.33.10000: S [tcp sum
    ok] 1848571470:1848571470(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 52465, len 48)
    Jan 22 11:51:09.033609 66.90.101.xxx.59733 > xxx.xxx.3.38.10000: S [tcp sum
    ok] 969738274:969738274(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
    id 64137, len 48)
    Jan 22 11:51:09.033622 66.90.101.xxx.59733 > xxx.xxx.3.35.10000: S [tcp sum
    ok] 1291978731:1291978731(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 64584, len 48)
    Jan 22 11:51:09.033698 66.90.101.xxx.59733 > xxx.xxx.3.34.10000: S [tcp sum
    ok] 2063395517:2063395517(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 27665, len 48)
    Jan 22 11:51:09.033771 66.90.101.xxx.59733 > xxx.xxx.3.39.10000: S [tcp sum
    ok] 1578638919:1578638919(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 48086, len 48)
    Jan 22 11:51:09.033783 66.90.101.238.59733 > xxx.xxx.3.42.10000: S [tcp sum
    ok] 1090390350:1090390350(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
    117, id 53810, len 48)
    ...262 lines

    References
    ----------------------------------------------------------------------------

    [1] www.iana.org/assignments/port-numbers

    Regards,

  2. #2
    Join Date
    Sep 2006
    Location
    New York
    Posts
    26
    Quote: Originally posted by W4 Hosting
    I got abuse issue tickets from FDC today. I installed a new OS a few days ago and only have 2 websites; I know they would not send out any spam email or anything.

    What type of hosting do you have?

  3. #3
    Join Date
    Jan 2004
    Location
    <<Canada>>
    Posts
    736
    I just host 2 forums and one image site.

  4. #4
    Join Date
    Sep 2006
    Location
    New York
    Posts
    26
    Quote: Originally posted by W4 Hosting
    I just host 2 forums and one image site.

    I mean is this shared, reseller or dedicated?

  5. #5
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    I'll get to the point: your server appears to be flooding another server with TCP packets on port 10000. Why? Most likely as an attempt to launch a Denial of Service attack and disrupt access to the other server.

    Instead of just guessing as to whether you have been compromised, or if someone is using your server maliciously (without root access) to launch this apparent attack, hire a server management company that specializes in security who can thoroughly investigate the complaint and properly secure your server.
    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.
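
A triage sketch for the kind of log quoted in the complaint, added here as an example and not part of any post in the thread: it re-joins the wrapped tcpdump records and reports, per source, whether the SYNs go to one host or fan out across many hosts on one port. The sample records, their addresses, the `min_packets` threshold and the verdict labels are constructed assumptions.

```python
import re
from collections import defaultdict

HEAD = re.compile(r"^\w{3} +\d+ (?P<h>\d+):(?P<m>\d+):(?P<s>[\d.]+) "
                  r"(?P<src>\S+)\.\d+ > (?P<dst>\S+)\.(?P<dport>\d+): (?P<flags>\S+)")

def parse(text):
    """Re-join wrapped records; yield (seconds, src, dst, dport) for bare SYNs."""
    for chunk in re.split(r"\n(?=\s*\w{3} +\d+ \d\d:\d\d:)", text.strip()):
        rec = " ".join(chunk.split())          # undo line wrapping and indentation
        m = HEAD.match(rec)
        if m and m["flags"] == "S" and " ack " not in rec:
            secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
            yield secs, m["src"], m["dst"], int(m["dport"])

def triage(text, min_packets=20):
    """Summarise SYNs per source; min_packets is an assumed threshold, tune it."""
    by_src = defaultdict(list)
    for secs, src, dst, dport in parse(text):
        by_src[src].append((secs, dst, dport))
    report = {}
    for src, pkts in by_src.items():
        targets = {d for _, d, _ in pkts}
        ports = {p for _, _, p in pkts}
        span = max(t for t, _, _ in pkts) - min(t for t, _, _ in pkts)
        if len(pkts) < min_packets:
            verdict = "too few packets to classify"
        elif len(targets) == 1:
            verdict = "many SYNs at one host"
        elif len(targets) >= len(pkts) // 2 and len(ports) == 1:
            verdict = "one port swept across many hosts"
        else:
            verdict = "mixed"
        report[src] = {"syns": len(pkts), "targets": len(targets),
                       "ports": sorted(ports), "span_s": round(span, 3), "verdict": verdict}
    return report

def fake(i, dst):
    """Constructed record in the report's three-line wrapped layout."""
    return (f"Jan 22 11:51:08.{961984 + i * 100} 192.0.2.10.59733 > {dst}.10000: S [tcp sum\n"
            f"ok] {1000 + i}:{1000 + i}(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl\n"
            f"117, id {i}, len 48)\n")

SWEEP = "".join(fake(i, f"198.51.100.{i}") for i in range(1, 41))   # 40 hosts, one SYN each
FLOOD = "".join(fake(i, "198.51.100.7") for i in range(1, 41))      # one host, 40 SYNs

if __name__ == "__main__":
    for name, sample in (("sweep", SWEEP), ("flood", FLOOD)):
        print(name, triage(sample))
```

Because addresses are kept as strings, the parser also accepts records whose octets have been masked with `xxx`, as in the complaint.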

  6. #6
    Join Date
    Jan 2003
    Location
    U.S.A.
    Posts
    3,928
    I am guessing that most likely you're on a reseller account and a client of yours is DoSing another server.

  7. #7
    Join Date
    Jan 2004
    Location
    <<Canada>>
    Posts
    736
    I have hired platinumservermanagement to do the cleanup job; I hope they will do a nice job.


    I no longer host any clients; this is a server for our 2 websites. AND it is a dedicated server.
