well here is the reply I got from the site in Finland:
Quote:
The traffic you are seeing in your Unreal Tournament game
servers is a part of a Distributed Denial of Service (DDoS)
attack attempt against the host at 130.230.72.156
(valokola.modeemi.cs.tut.fi). The traffic does NOT originate
from that host, or from the entire TUT network, but instead
the packet source addresses have been forged.
The attackers are attempting to use your Unreal Tournament
server to flood the host with traffic.
For more information about the vulnerability in Unreal
Tournament that is being exploited, see
http://cert.uni-stuttgart.de/archive/bugtr...7/msg00035.html
For a server fix, see
http://www.securityfocus.com/bid/5148/solution/
Unfortunately there is nothing we can do to stop the forged
traffic from reaching your servers, since the traffic does not
originate from our network. Your best bet is to filter out
packets with the source address 130.230.72.156 destined to your
game servers. That host is not used for games. You could also
contact your own network provider to see if they can help in
determining the real source of the traffic.
Also, to make sure such attacks cannot be launched from your
network, please make sure that you do not allow outgoing traffic
with packet source addresses outside of your network.
Best Regards,
Martti Jokipii
--
Martti Jokipii # E-mail: ![[email address]](?emailimage=be9d06eaa5d80090b3ce8b9457b0e49b)
Tampere University of Technology # Phone: +358 3 3115 2425
Network Administration # GSM: +358 40 849 0804
P.O. Box 692, 33101 Tampere, FINLAND # FAX: +358 3 3115 2172
|
wonder why they don't turn that machine off or disable that IP ? maybe the "forged" attacker will move some where else or stop ??
Quote:
Your best bet is to filter out
packets with the source address 130.230.72.156 destined to your
game servers
|
Sorry, not much of a IT/Networking guru, how do you block traffic from this IP? on a standard Windows XP pro system.