asked on

SRX IP Spoof problem

We got a citrix netscaler 10010 and SRX 3600 device.

When netscaler gets a spoof attack with 200mbps of download traffic it creates an 200mbps of upload traffic. And checks what if ip is real or not .

But the same attack today come to the SRX with given log below. But it just block it depending on the UDP destination limit and all connections has gone down. That is our ids code as given below also. So why does not juniper check and drop spoof ip calls ?

   screen {
        ids-option internet-screen {
            icmp {
                ip-sweep threshold 5000;
                fragment;
                large;
                flood threshold 50;
                ping-death;
            }
            ip {
                bad-option;
                record-route-option;
                security-option;
                spoofing;
                source-route-option;
                loose-source-route-option;
                strict-source-route-option;
                unknown-protocol;
                block-frag;
                tear-drop;
            }
            tcp {
                syn-fin;
                fin-no-ack;
                tcp-no-flag;
                syn-frag;
                port-scan threshold 5000;
                syn-flood {
                    alarm-threshold 10240;
                    attack-threshold 10000;
                    source-threshold 10240;
                    destination-threshold 20480;
                    queue-size 2000;
                    timeout 2;
                }
                land;
                winnuke;
            }
            udp {
                flood threshold 10000;
            }
        }
    }

Open in new window

2015-04-10 19:40:26.148 5.94.142.51 178.20.231.165 11448 9987 64 0x00 17 16000
2015-04-10 19:40:26.148 5.54.116.170 178.20.231.165 9872 9987 64 0x00 17 16000
2015-04-10 19:40:26.148 5.88.191.226 178.20.231.165 7592 9987 64 0x00 17 16000
2015-04-10 19:40:26.148 5.225.96.8 178.20.231.165 8968 9987 64 0x00 17 16000
2015-04-10 19:40:26.148 5.198.43.242 178.20.231.165 7880 9987 64 0x00 17 16000
2015-04-10 19:40:26.398 5.2.29.21 178.20.231.165 14344 9987 64 0x00 17 16000
2015-04-10 19:40:26.398 5.43.40.89 178.20.231.165 9952 9987 64 0x00 17 16000
2015-04-10 19:40:26.398 5.171.157.206 178.20.231.165 10760 9987 64 0x00 17 16000
2015-04-10 19:40:26.398 5.109.173.159 178.20.231.165 11936 9987 64 0x00 17 16000
2015-04-10 19:40:26.398 5.221.219.79 178.20.231.165 8880 9987 64 0x00 17 16000
2015-04-10 19:40:26.398 5.35.193.62 178.20.231.165 13752 9987 64 0x00 17 16000
2015-04-10 19:40:26.649 5.160.57.246 178.20.231.165 12448 9987 64 0x00 17 16000
2015-04-10 19:40:26.649 5.178.223.184 178.20.231.165 8152 9987 64 0x00 17 16000
2015-04-10 19:40:26.649 5.75.196.23 178.20.231.165 14544 9987 64 0x00 17 16000
2015-04-10 19:40:26.649 5.8.152.45 178.20.231.165 10744 9987 64 0x00 17 16000
2015-04-10 19:40:26.649 5.208.17.13 178.20.231.165 7576 9987 64 0x00 17 16000
2015-04-10 19:40:26.649 5.175.166.114 178.20.231.165 9448 9987 64 0x00 17 16000
2015-04-10 19:40:26.900 5.162.161.234 178.20.231.165 11672 9987 64 0x00 17 16000
2015-04-10 19:40:26.900 5.176.229.92 178.20.231.165 8600 9987 64 0x00 17 16000
2015-04-10 19:40:26.900 5.189.15.35 178.20.231.165 10496 9987 64 0x00 17 16000
2015-04-10 19:40:26.900 5.172.200.15 178.20.231.165 13056 9987 64 0x00 17 16000
2015-04-10 19:40:26.900 5.158.172.110 178.20.231.165 14048 9987 64 0x00 17 16000
2015-04-10 19:40:26.900 5.192.185.85 178.20.231.165 12024 9987 64 0x00 17 16000
2015-04-10 19:40:26.900 5.186.236.176 178.20.231.165 11208 9987 64 0x00 17 16000
2015-04-10 19:40:27.150 5.142.176.147 178.20.231.165 10208 9987 64 0x00 17 16000
2015-04-10 19:40:27.150 5.168.40.26 178.20.231.165 7432 9987 64 0x18 17 16000
2015-04-10 19:40:27.150 5.210.70.201 178.20.231.165 8968 9987 64 0x18 17 16000
2015-04-10 19:40:27.150 5.138.65.129 178.20.231.165 8960 9987 64 0x18 17 16000
2015-04-10 19:40:27.151 5.6.104.198 178.20.231.165 9736 9987 64 0x18 17 16000
2015-04-10 19:40:27.400 5.70.49.58 178.20.231.165 11696 9987 64 0x10 17 16000
2015-04-10 19:40:27.401 5.163.239.12 178.20.231.165 14760 9987 64 0x02 17 16000
2015-04-10 19:40:27.401 5.179.129.172 178.20.231.165 8136 9987 64 0x02 17 16000
2015-04-10 19:40:27.401 5.109.118.185 178.20.231.165 12496 9987 64 0x02 17 16000
2015-04-10 19:40:27.652 5.28.19.220 178.20.231.165 7376 9987 64 0x00 17 16000
2015-04-10 19:40:27.652 5.114.217.138 178.20.231.165 13304 9987 64 0x00 17 16000
2015-04-10 19:40:27.652 5.243.142.121 178.20.231.165 11464 9987 64 0x00 17 16000
2015-04-10 19:40:27.652 5.130.69.68 178.20.231.165 14264 9987 64 0x10 17 16000
2015-04-10 19:40:27.652 5.38.227.240 178.20.231.165 9440 9987 64 0x10 17 16000
2015-04-10 19:40:27.902 5.187.103.137 178.20.231.165 13480 9987 64 0x02 17 16000
2015-04-10 19:40:27.902 5.224.254.146 178.20.231.165 8096 9987 64 0x02 17 16000
2015-04-10 19:40:27.903 5.178.167.69 178.20.231.165 8088 9987 64 0x02 17 16000
2015-04-10 19:40:28.153 5.232.98.6 178.20.231.165 8672 9987 64 0x00 17 16000
2015-04-10 19:40:28.153 5.60.27.182 178.20.231.165 11944 9987 64 0x02 17 16000
2015-04-10 19:40:28.153 5.224.187.121 178.20.231.165 11520 9987 64 0x02 17 16000
2015-04-10 19:40:28.404 5.87.154.95 178.20.231.165 10448 9987 64 0x00 17 16000
2015-04-10 19:40:28.404 5.169.70.65 178.20.231.165 11664 9987 64 0x00 17 16000
2015-04-10 19:40:28.404 5.28.226.142 178.20.231.165 12296 9987 64 0x00 17 16000
2015-04-10 19:40:28.404 5.147.250.230 178.20.231.165 8656 9987 64 0x00 17 16000
2015-04-10 19:40:28.404 5.142.248.26 178.20.231.165 15024 9987 64 0x00 17 16000
2015-04-10 19:40:28.404 5.139.51.248 178.20.231.165 8856 9987 64 0x00 17 16000
2015-04-10 19:40:28.404 5.21.240.170 178.20.231.165 11440 9987 64 0x00 17 16000
2015-04-10 19:40:28.654 5.140.22.146 178.20.231.165 10392 9987 64 0x00 17 16000
2015-04-10 19:40:28.654 5.141.96.25 178.20.231.165 12480 9987 64 0x00 17 16000
2015-04-10 19:40:28.655 5.196.252.115 178.20.231.165 10648 9987 64 0x00 17 16000
2015-04-10 19:40:28.655 5.16.108.78 178.20.231.165 8440 9987 64 0x00 17 16000
2015-04-10 19:40:28.655 5.68.201.12 178.20.231.165 8936 9987 64 0x00 17 16000
2015-04-10 19:40:28.905 5.194.253.251 178.20.231.165 11936 9987 64 0x00 17 16000
2015-04-10 19:40:28.905 5.85.200.200 178.20.231.165 10200 9987 64 0x00 17 16000
2015-04-10 19:40:28.905 5.143.202.48 178.20.231.165 14800 9987 64 0x00 17 16000
2015-04-10 19:40:28.905 5.223.209.189 178.20.231.165 15096 9987 64 0x00 17 16000
2015-04-10 19:40:28.905 5.117.24.162 178.20.231.165 10672 9987 64 0x02 17 16000
2015-04-10 19:40:28.906 5.82.72.47 178.20.231.165 15064 9987 64 0x02 17 16000
2015-04-10 19:40:29.157 5.254.188.105 178.20.231.165 15104 9987 64 0x00 17 16000
2015-04-10 19:40:29.157 5.111.178.93 178.20.231.165 15024 9987 64 0x00 17 16000
2015-04-10 19:40:29.157 5.96.158.118 178.20.231.165 7600 9987 64 0x00 17 16000
2015-04-10 19:40:29.157 5.130.118.135 178.20.231.165 8112 9987 64 0x00 17 16000
2015-04-10 19:40:29.157 5.236.12.0 178.20.231.165 9144 9987 64 0x00 17 16000
2015-04-10 19:40:29.157 5.10.50.153 178.20.231.165 9408 9987 64 0x00 17 16000
2015-04-10 19:40:29.157 5.46.72.91 178.20.231.165 12264 9987 64 0x00 17 16000
2015-04-10 19:40:29.409 5.153.182.139 178.20.231.165 14264 9987 64 0x02 17 16000
2015-04-10 19:40:29.409 5.95.55.170 178.20.231.165 11936 9987 64 0x02 17 16000
2015-04-10 19:40:29.409 5.143.197.36 178.20.231.165 8152 9987 64 0x02 17 16000
2015-04-10 19:40:29.409 5.60.131.160 178.20.231.165 9400 9987 64 0x02 17 16000
2015-04-10 19:40:29.658 5.50.203.50 178.20.231.165 7624 9987 64 0x00 17 16000
2015-04-10 19:40:29.659 5.67.50.242 178.20.231.165 9656 9987 64 0x00 17 16000
2015-04-10 19:40:29.659 5.179.70.232 178.20.231.165 12464 9987 64 0x00 17 16000
2015-04-10 19:40:29.659 5.240.225.57 178.20.231.165 13008 9987 64 0x10 17 16000
2015-04-10 19:40:29.659 5.69.100.75 178.20.231.165 7352 9987 64 0x10 17 16000
2015-04-10 19:40:29.910 5.178.181.128 178.20.231.165 12808 9987 64 0x00 17 16000
2015-04-10 19:40:29.910 5.147.164.21 178.20.231.165 12432 9987 64 0x18 17 16000
2015-04-10 19:40:29.910 5.229.2.107 178.20.231.165 14992 9987 64 0x18 17 16000
2015-04-10 19:40:29.910 5.167.28.127 178.20.231.165 9224 9987 64 0x18 17 16000
2015-04-10 19:40:30.161 5.161.70.67 178.20.231.165 11432 9987 64 0x00 17 16000
2015-04-10 19:40:30.161 5.113.118.225 178.20.231.165 11480 9987 64 0x00 17 16000
2015-04-10 19:40:30.161 5.149.11.14 178.20.231.165 12528 9987 64 0x00 17 16000
2015-04-10 19:40:30.161 5.79.116.8 178.20.231.165 7128 9987 64 0x00 17 16000
2015-04-10 19:40:30.161 5.44.72.240 178.20.231.165 9968 9987 64 0x00 17 16000
2015-04-10 19:40:30.162 5.135.212.18 178.20.231.165 10992 9987 64 0x00 17 16000
2015-04-10 19:40:30.411 5.116.237.193 178.20.231.165 8912 9987 64 0x00 17 16000
2015-04-10 19:40:30.411 5.77.126.114 178.20.231.165 9424 9987 64 0x00 17 16000
2015-04-10 19:40:30.411 5.151.233.199 178.20.231.165 10704 9987 64 0x00 17 16000
2015-04-10 19:40:30.412 5.29.52.242 178.20.231.165 12544 9987 64 0x02 17 16000
2015-04-10 19:40:30.412 5.83.148.192 178.20.231.165 9720 9987 64 0x02 17 16000
2015-04-10 19:40:30.662 5.169.198.180 178.20.231.165 9968 9987 64 0x10 17 16000
2015-04-10 19:40:30.662 5.102.167.31 178.20.231.165 7416 9987 64 0x10 17 16000
2015-04-10 19:40:30.662 5.100.148.98 178.20.231.165 12496 9987 64 0x10 17 16000
2015-04-10 19:40:30.662 5.107.125.98 178.20.231.165 12784 9987 64 0x10 17 16000
2015-04-10 19:40:30.662 5.61.195.198 178.20.231.165 12184 9987 64 0x10 17 16000
2015-04-10 19:40:30.922 5.56.134.76 178.20.231.165 7144 9987 64 0x12 17 16000
2015-04-10 19:40:30.922 5.54.129.123 178.20.231.165 14832 9987 64 0x02 17 16000
2015-04-10 19:40:30.922 5.196.22.193 178.20.231.165 11512 9987 64 0x02 17 16000
2015-04-10 19:40:30.922 5.30.210.132 178.20.231.165 11960 9987 64 0x02 17 16000
2015-04-10 19:40:31.172 5.248.25.172 178.20.231.165 13304 9987 64 0x00 17 16000
2015-04-10 19:40:31.173 5.112.241.9 178.20.231.165 11728 9987 64 0x00 17 16000
2015-04-10 19:40:31.173 5.207.25.74 178.20.231.165 9872 9987 64 0x00 17 16000
2015-04-10 19:40:31.173 5.212.42.179 178.20.231.165 14568 9987 64 0x00 17 16000
2015-04-10 19:40:31.173 5.198.107.197 178.20.231.165 7080 9987 64 0x00 17 16000
2015-04-10 19:40:31.422 5.17.122.67 178.20.231.165 13216 9987 64 0x00 17 16000
2015-04-10 19:40:31.423 5.132.7.52 178.20.231.165 8616 9987 64 0x00 17 16000
2015-04-10 19:40:31.423 5.103.117.64 178.20.231.165 10672 9987 64 0x00 17 16000
2015-04-10 19:40:31.423 5.250.133.158 178.20.231.165 14496 9987 64 0x00 17 16000
2015-04-10 19:40:31.423 5.19.115.15 178.20.231.165 14048 9987 64 0x00 17 16000
2015-04-10 19:40:31.423 5.17.186.80 178.20.231.165 11960 9987 64 0x00 17 16000
2015-04-10 19:40:31.677 5.205.222.17 178.20.231.165 7376 9987 64 0x00 17 16000
2015-04-10 19:40:31.677 5.205.212.143 178.20.231.165 14296 9987 64 0x00 17 16000
2015-04-10 19:40:31.677 5.163.199.179 178.20.231.165 14080 9987 64 0x00 17 16000
2015-04-10 19:40:31.677 5.205.192.95 178.20.231.165 8424 9987 64 0x00 17 16000
2015-04-10 19:40:31.677 5.228.211.243 178.20.231.165 14304 9987 64 0x00 17 16000
2015-04-10 19:40:31.926 5.38.30.193 178.20.231.165 15032 9987 64 0x00 17 16000
2015-04-10 19:40:31.927 5.92.103.73 178.20.231.165 8896 9987 64 0x00 17 16000
2015-04-10 19:40:31.927 5.173.158.242 178.20.231.165 9632 9987 64 0x00 17 16000
2015-04-10 19:40:31.927 5.110.71.147 178.20.231.165 10912 9987 64 0x00 17 16000
2015-04-10 19:40:31.927 5.12.127.10 178.20.231.165 9200 9987 64 0x00 17 16000
2015-04-10 19:40:31.927 5.58.99.116 178.20.231.165 10952 9987 64 0x00 17 16000
2015-04-10 19:40:32.186 5.74.149.215 178.20.231.165 13744 9987 64 0x00 17 16000
2015-04-10 19:40:32.186 5.138.221.65 178.20.231.165 10248 9987 64 0x10 17 16000
2015-04-10 19:40:32.186 5.131.122.217 178.20.231.165 9136 9987 64 0x10 17 16000
2015-04-10 19:40:32.186 5.82.205.246 178.20.231.165 9720 9987 64 0x10 17 16000
2015-04-10 19:40:32.186 5.160.104.53 178.20.231.165 14512 9987 64 0x10 17 16000
2015-04-10 19:40:32.427 5.102.51.59 178.20.231.165 14080 9987 64 0x00 17 16000
2015-04-10 19:40:32.428 5.221.141.177 178.20.231.165 13480 9987 64 0x00 17 16000
2015-04-10 19:40:32.428 5.4.252.221 178.20.231.165 8880 9987 64 0x00 17 16000
2015-04-10 19:40:32.428 5.122.73.83 178.20.231.165 13512 9987 64 0x00 17 16000
2015-04-10 19:40:32.428 5.197.12.236 178.20.231.165 9448 9987 64 0x00 17 16000
2015-04-10 19:40:32.428 5.66.39.93 178.20.231.165 14992 9987 64 0x00 17 16000
2015-04-10 19:40:32.678 5.115.54.46 178.20.231.165 7056 9987 64 0x00 17 16000
2015-04-10 19:40:32.678 5.87.90.239 178.20.231.165 7320 9987 64 0x00 17 16000
2015-04-10 19:40:32.679 5.238.105.186 178.20.231.165 11960 9987 64 0x00 17 16000
2015-04-10 19:40:32.679 5.230.190.140 178.20.231.165 10184 9987 64 0x10 17 16000
2015-04-10 19:40:32.679 5.105.251.45 178.20.231.165 12976 9987 64 0x10 17 16000
2015-04-10 19:40:32.966 5.239.63.65 178.20.231.165 13320 9987 64 0x00 17 16000
2015-04-10 19:40:32.967 5.83.168.155 178.20.231.165 13784 9987 64 0x00 17 16000
2015-04-10 19:40:32.967 5.71.3.62 178.20.231.165 10976 9987 64 0x00 17 16000
2015-04-10 19:40:32.967 5.63.210.24 178.20.231.165 11472 9987 64 0x00 17 16000
2015-04-10 19:40:32.967 5.61.160.64 178.20.231.165 9392 9987 64 0x00 17 16000
2015-04-10 19:40:33.216 5.212.75.196 178.20.231.165 9168 9987 64 0x00 17 16000
2015-04-10 19:40:33.217 5.104.224.153 178.20.231.165 10208 9987 64 0x00 17 16000
2015-04-10 19:40:33.217 5.228.97.39 178.20.231.165 12432 9987 64 0x00 17 16000
2015-04-10 19:40:33.217 5.44.64.223 178.20.231.165 12512 9987 64 0x00 17 16000
2015-04-10 19:40:33.217 5.255.98.100 178.20.231.165 11016 9987 64 0x00 17 16000
2015-04-10 19:40:33.217 5.58.196.184 178.20.231.165 13320 9987 64 0x00 17 16000
2015-04-10 19:40:33.217 5.86.23.247 178.20.231.165 7104 9987 64 0x00 17 16000
2015-04-10 19:40:33.217 5.6.224.253 178.20.231.165 8888 9987 64 0x00 17 16000
2015-04-10 19:40:33.467 5.84.4.218 178.20.231.165 13832 9987 64 0x00 17 16000
2015-04-10 19:40:33.468 5.100.166.15 178.20.231.165 13512 9987 64 0x00 17 16000
2015-04-10 19:40:33.468 5.233.241.7 178.20.231.165 11480 9987 64 0x00 17 16000
2015-04-10 19:40:33.468 5.143.50.213 178.20.231.165 11672 9987 64 0x00 17 16000
2015-04-10 19:40:33.468 5.88.104.254 178.20.231.165 8336 9987 64 0x00 17 16000
2015-04-10 19:40:33.468 5.49.103.255 178.20.231.165 8672 9987 64 0x00 17 16000
2015-04-10 19:40:33.719 5.197.218.193 178.20.231.165 7312 9987 64 0x02 17 16000
2015-04-10 19:40:33.719 5.213.154.93 178.20.231.165 14832 9987 64 0x02 17 16000
2015-04-10 19:40:33.719 5.193.184.166 178.20.231.165 7624 9987 64 0x02 17 16000
2015-04-10 19:40:33.719 5.148.133.196 178.20.231.165 11688 9987 64 0x02 17 16000
2015-04-10 19:40:33.970 5.48.224.104 178.20.231.165 14480 9987 64 0x00 17 16000
2015-04-10 19:40:33.970 5.129.40.161 178.20.231.165 14480 9987 64 0x00 17 16000
2015-04-10 19:40:33.971 5.23.142.242 178.20.231.165 8448 9987 64 0x10 17 16000
2015-04-10 19:40:33.971 5.153.100.136 178.20.231.165 10688 9987 64 0x10 17 16000
2015-04-10 19:40:34.220 5.203.80.93 178.20.231.165 7376 9987 64 0x00 17 16000
2015-04-10 19:40:34.221 5.140.58.46 178.20.231.165 8880 9987 64 0x18 17 16000
2015-04-10 19:40:34.221 5.221.10.150 178.20.231.165 10472 9987 64 0x18 17 16000
2015-04-10 19:40:34.221 5.99.223.121 178.20.231.165 14480 9987 64 0x18 17 16000
2015-04-10 19:40:34.222 5.228.193.203 178.20.231.165 9896 9987 64 0x18 17 16000
2015-04-10 19:40:34.471 5.179.145.121 178.20.231.165 14016 9987 64 0x00 17 16000
2015-04-10 19:40:34.472 5.9.85.124 178.20.231.165 8112 9987 64 0x00 17 16000
2015-04-10 19:40:34.472 5.81.31.233 178.20.231.165 8616 9987 64 0x00 17 16000
2015-04-10 19:40:34.472 5.146.169.76 178.20.231.165 8128 9987 64 0x00 17 16000
2015-04-10 19:40:34.472 5.254.251.228 178.20.231.165 10464 9987 64 0x00 17 16000
2015-04-10 19:40:34.472 5.196.100.103 178.20.231.165 13712 9987 64 0x00 17 16000
2015-04-10 19:40:34.722 5.8.133.29 178.20.231.165 9736 9987 64 0x00 17 16000
2015-04-10 19:40:34.723 5.209.41.171 178.20.231.165 9704 9987 64 0x00 17 16000
2015-04-10 19:40:34.723 5.128.190.112 178.20.231.165 9680 9987 64 0x00 17 16000
2015-04-10 19:40:34.723 5.34.103.118 178.20.231.165 10648 9987 64 0x00 17 16000
2015-04-10 19:40:34.723 5.139.228.20 178.20.231.165 10752 9987 64 0x00 17 16000
2015-04-10 19:40:35.004 5.51.225.30 178.20.231.165 8352 9987 64 0x00 17 16000
2015-04-10 19:40:35.004 5.209.28.43 178.20.231.165 10184 9987 64 0x00 17 16000
2015-04-10 19:40:35.005 5.118.38.251 178.20.231.165 7400 9987 64 0x00 17 16000
2015-04-10 19:40:35.005 5.83.96.61 178.20.231.165 9624 9987 64 0x00 17 16000
2015-04-10 19:40:35.005 5.73.11.181 178.20.231.165 9384 9987 64 0x00 17 16000
2015-04-10 19:40:35.005 5.75.180.134 178.20.231.165 12192 9987 64 0x00 17 16000
2015-04-10 19:40:35.005 5.84.183.64 178.20.231.165 14832 9987 64 0x00 17 16000
2015-04-10 19:40:35.005 5.140.206.11 178.20.231.165 14480 9987 64 0x00 17 16000
2015-04-10 19:40:35.255 5.249.61.44 178.20.231.165 8672 9987 64 0x00 17 16000
2015-04-10 19:40:35.256 5.38.100.155 178.20.231.165 15064 9987 64 0x00 17 16000
2015-04-10 19:40:35.256 5.121.248.60 178.20.231.165 12800 9987 64 0x00 17 16000
2015-04-10 19:40:35.256 5.175.171.132 178.20.231.165 13248 9987 64 0x00 17 16000
2015-04-10 19:40:35.256 5.221.32.122 178.20.231.165 13528 9987 64 0x00 17 16000
2015-04-10 19:40:35.506 5.28.242.190 178.20.231.165 10192 9987 64 0x00 17 16000
2015-04-10 19:40:35.506 5.155.241.32 178.20.231.165 13456 9987 64 0x00 17 16000
2015-04-10 19:40:35.506 5.27.234.125 178.20.231.165 15064 9987 64 0x00 17 16000
2015-04-10 19:40:35.507 5.0.52.140 178.20.231.165 12704 9987 64 0x00 17 16000
2015-04-10 19:40:35.507 5.88.255.204 178.20.231.165 13032 9987 64 0x02 17 16000
2015-04-10 19:40:35.507 5.76.182.76 178.20.231.165 12296 9987 64 0x02 17 16000
2015-04-10 19:40:35.757 5.50.14.240 178.20.231.165 14760 9987 64 0x00 17 16000
2015-04-10 19:40:35.758 5.42.139.144 178.20.231.165 13224 9987 64 0x00 17 16000
2015-04-10 19:40:35.758 5.152.45.211 178.20.231.165 9480 9987 64 0x00 17 16000
2015-04-10 19:40:35.758 5.198.207.77 178.20.231.165 10240 9987 64 0x00 17 16000
2015-04-10 19:40:35.758 5.106.62.36 178.20.231.165 9448 9987 64 0x18 17 16000
2015-04-10 19:40:36.008 5.241.164.182 178.20.231.165 9656 9987 64 0x02 17 16000
2015-04-10 19:40:36.008 5.204.37.88 178.20.231.165 9664 9987 64 0x02 17 16000
2015-04-10 19:40:36.008 5.207.175.19 178.20.231.165 7888 9987 64 0x02 17 16000
2015-04-10 19:40:36.258 5.201.79.238 178.20.231.165 12184 9987 64 0x00 17 16000
2015-04-10 19:40:36.259 5.169.243.162 178.20.231.165 7856 9987 64 0x00 17 16000
2015-04-10 19:40:36.259 5.106.126.51 178.20.231.165 7352 9987 64 0x00 17 16000
2015-04-10 19:40:36.259 5.121.186.57 178.20.231.165 7088 9987 64 0x00 17 16000
2015-04-10 19:40:36.259 5.95.194.251 178.20.231.165 11248 9987 64 0x00 17 16000
2015-04-10 19:40:36.259 5.74.161.109 178.20.231.165 11528 9987 64 0x00 17 16000
2015-04-10 19:40:36.509 5.151.129.114 178.20.231.165 8352 9987 64 0x00 17 16000
2015-04-10 19:40:36.509 5.76.209.245 178.20.231.165 8928 9987 64 0x00 17 16000
2015-04-10 19:40:36.510 5.141.192.148 178.20.231.165 10720 9987 64 0x00 17 16000
2015-04-10 19:40:36.510 5.109.75.54 178.20.231.165 11744 9987 64 0x00 17 16000
2015-04-10 19:40:36.510 5.212.216.37 178.20.231.165 13264 9987 64 0x00 17 16000
2015-04-10 19:40:36.760 5.200.19.232 178.20.231.165 8400 9987 64 0x00 17 16000
2015-04-10 19:40:36.760 5.197.54.52 178.20.231.165 12976 9987 64 0x10 17 16000
2015-04-10 19:40:36.761 5.48.228.125 178.20.231.165 12808 9987 64 0x10 17 16000
2015-04-10 19:40:36.761 5.142.193.55 178.20.231.165 8592 9987 64 0x10 17 16000
2015-04-10 19:40:36.761 5.164.35.2 178.20.231.165 13744 9987 64 0x10 17 16000
2015-04-10 19:40:37.011 5.205.95.236 178.20.231.165 14824 9987 64 0x02 17 16000
2015-04-10 19:40:37.011 5.187.180.99 178.20.231.165 10896 9987 64 0x02 17 16000
2015-04-10 19:40:37.012 5.195.219.251 178.20.231.165 8928 9987 64 0x02 17 16000
2015-04-10 19:40:37.012 5.123.199.81 178.20.231.165 14560 9987 64 0x02 17 16000
2015-04-10 19:40:37.012 5.76.243.155 178.20.231.165 14760 9987 64 0x02 17 16000
2015-04-10 19:40:37.012 5.168.58.127 178.20.231.165 8920 9987 64 0x02 17 16000
2015-04-10 19:40:37.262 5.4.196.23 178.20.231.165 7072 9987 64 0x00 17 16000
2015-04-10 19:40:37.262 5.141.33.27 178.20.231.165 9720 9987 64 0x00 17 16000
2015-04-10 19:40:37.262 5.171.180.72 178.20.231.165 8904 9987 64 0x00 17 16000
2015-04-10 19:40:37.262 5.176.77.125 178.20.231.165 9936 9987 64 0x00 17 16000
2015-04-10 19:40:37.263 5.135.130.171 178.20.231.165 12712 9987 64 0x00 17 16000
2015-04-10 19:40:37.263 5.17.25.219 178.20.231.165 11520 9987 64 0x00 17 16000
2015-04-10 19:40:37.514 5.121.107.158 178.20.231.165 10472 9987 64 0x18 17 16000
2015-04-10 19:40:37.514 5.50.168.126 178.20.231.165 10496 9987 64 0x18 17 16000
2015-04-10 19:40:37.514 5.187.226.82 178.20.231.165 7336 9987 64 0x18 17 16000
2015-04-10 19:40:37.515 5.106.150.235 178.20.231.165 7672 9987 64 0x02 17 16000
2015-04-10 19:40:37.764 5.30.158.152 178.20.231.165 13264 9987 64 0x00 17 16000
2015-04-10 19:40:37.764 5.117.99.45 178.20.231.165 12440 9987 64 0x00 17 16000
2015-04-10 19:40:37.764 5.88.200.32 178.20.231.165 8344 9987 64 0x00 17 16000
2015-04-10 19:40:37.764 5.121.43.111 178.20.231.165 10896 9987 64 0x00 17 16000
2015-04-10 19:40:37.765 5.51.25.244 178.20.231.165 13304 9987 64 0x00 17 16000
2015-04-10 19:40:37.765 5.81.221.67 178.20.231.165 9984 9987 64 0x00 17 16000
2015-04-10 19:40:37.765 5.99.195.116 178.20.231.165 7056 9987 64 0x00 17 16000
2015-04-10 19:40:38.014 5.68.214.43 178.20.231.165 12216 9987 64 0x00 17 16000
2015-04-10 19:40:38.014 5.65.222.121 178.20.231.165 12224 9987 64 0x00 17 16000
2015-04-10 19:40:38.015 5.98.123.144 178.20.231.165 12536 9987 64 0x00 17 16000
2015-04-10 19:40:38.015 5.30.76.233 178.20.231.165 11968 9987 64 0x00 17 16000
2015-04-10 19:40:38.015 5.152.140.169 178.20.231.165 9408 9987 64 0x00 17 16000
2015-04-10 19:40:38.264 5.103.36.218 178.20.231.165 10760 9987 64 0x00 17 16000
2015-04-10 19:40:38.265 5.202.59.157 178.20.231.165 12768 9987 64 0x00 17 16000
2015-04-10 19:40:38.265 5.55.177.249 178.20.231.165 11784 9987 64 0x00 17 16000
2015-04-10 19:40:38.265 5.194.203.123 178.20.231.165 14760 9987 64 0x00 17 16000
2015-04-10 19:40:38.265 5.136.188.66 178.20.231.165 10896 9987 64 0x10 17 16000
2015-04-10 19:40:38.516 5.208.171.67 178.20.231.165 11272 9987 64 0x00 17 16000
2015-04-10 19:40:38.516 5.71.33.12 178.20.231.165 7864 9987 64 0x00 17 16000
2015-04-10 19:40:38.516 5.89.42.65 178.20.231.165 7112 9987 64 0x00 17 16000
2015-04-10 19:40:38.516 5.145.161.99 178.20.231.165 14040 9987 64 0x00 17 16000
2015-04-10 19:40:38.517 5.4.253.48 178.20.231.165 14752 9987 64 0x00 17 16000
2015-04-10 19:40:38.517 5.194.219.247 178.20.231.165 7384 9987 64 0x00 17 16000
2015-04-10 19:40:38.767 5.146.227.172 178.20.231.165 8688 9987 64 0x02 17 16000
2015-04-10 19:40:38.768 5.242.114.240 178.20.231.165 12208 9987 64 0x18 17 16000
2015-04-10 19:40:38.768 5.46.225.43 178.20.231.165 9456 9987 64 0x02 17 16000
2015-04-10 19:40:39.018 5.88.134.75 178.20.231.165 11488 9987 64 0x00 17 16000
2015-04-10 19:40:39.018 5.33.74.75 178.20.231.165 7088 9987 64 0x00 17 16000
2015-04-10 19:40:39.018 5.97.24.30 178.20.231.165 8088 9987 64 0x02 17 16000
2015-04-10 19:40:39.019 5.193.66.213 178.20.231.165 8864 9987 64 0x02 17 16000
2015-04-10 19:40:39.269 5.204.222.170 178.20.231.165 13784 9987 64 0x00 17 16000
2015-04-10 19:40:39.269 5.133.195.3 178.20.231.165 11712 9987 64 0x00 17 16000
2015-04-10 19:40:39.270 5.164.188.89 178.20.231.165 9656 9987 64 0x00 17 16000
2015-04-10 19:40:39.270 5.111.113.157 178.20.231.165 12968 9987 64 0x00 17 16000
2015-04-10 19:40:39.270 5.31.58.15 178.20.231.165 11216 9987 64 0x00 17 16000
2015-04-10 19:40:39.270 5.82.130.157 178.20.231.165 14496 9987 64 0x00 17 16000
2015-04-10 19:40:39.520 5.245.0.242 178.20.231.165 11760 9987 64 0x00 17 16000
2015-04-10 19:40:39.520 5.194.234.9 178.20.231.165 12440 9987 64 0x00 17 16000
2015-04-10 19:40:39.521 5.82.243.113 178.20.231.165 13752 9987 64 0x00 17 16000
2015-04-10 19:40:39.521 5.143.155.170 178.20.231.165 9200 9987 64 0x00 17 16000
2015-04-10 19:40:39.521 5.244.103.11 178.20.231.165 15080 9987 64 0x02 17 16000
2015-04-10 19:40:39.521 5.97.180.141 178.20.231.165 7688 9987 64 0x02 17 16000
2015-04-10 19:40:39.771 5.82.167.162 178.20.231.165 9216 9987 64 0x00 17 16000
2015-04-10 19:40:39.771 5.77.178.145 178.20.231.165 8616 9987 64 0x02 17 16000
2015-04-10 19:40:39.772 5.153.121.118 178.20.231.165 12544 9987 64 0x02 17 16000
2015-04-10 19:40:40.022 5.164.62.129 178.20.231.165 14480 9987 64 0x00 17 16000
2015-04-10 19:40:40.022 5.160.224.130 178.20.231.165 10136 9987 64 0x00 17 16000
2015-04-10 19:40:40.022 5.197.166.172 178.20.231.165 8864 9987 64 0x00 17 16000
2015-04-10 19:40:40.022 5.131.96.230 178.20.231.165 8080 9987 64 0x00 17 16000
2015-04-10 19:40:40.022 5.29.8.78 178.20.231.165 13272 9987 64 0x00 17 16000
2015-04-10 19:40:40.022 5.173.118.97 178.20.231.165 7056 9987 64 0x00 17 16000
2015-04-10 19:40:40.272 5.244.155.195 178.20.231.165 11240 9987 64 0x00 17 16000
2015-04-10 19:40:40.272 5.175.157.49 178.20.231.165 12968 9987 64 0x00 17 16000
2015-04-10 19:40:40.272 5.71.31.231 178.20.231.165 13032 9987 64 0x00 17 16000
2015-04-10 19:40:40.523 5.85.71.96 178.20.231.165 11240 9987 64 0x00 17 16000
2015-04-10 19:40:40.523 5.99.96.243 178.20.231.165 14736 9987 64 0x00 17 16000
2015-04-10 19:40:40.523 5.249.163.218 178.20.231.165 9920 9987 64 0x00 17 16000
2015-04-10 19:40:40.523 5.186.177.79 178.20.231.165 13264 9987 64 0x02 17 16000
2015-04-10 19:40:40.523 5.95.207.12 178.20.231.165 13504 9987 64 0x02 17 16000
2015-04-10 19:40:40.774 5.245.39.159 178.20.231.165 7904 9987 64 0x00 17 16000
2015-04-10 19:40:40.774 5.128.118.69 178.20.231.165 9888 9987 64 0x00 17 16000
2015-04-10 19:40:40.774 5.243.126.252 178.20.231.165 10728 9987 64 0x00 17 16000
2015-04-10 19:40:40.775 5.248.157.35 178.20.231.165 13504 9987 64 0x10 17 16000
2015-04-10 19:40:40.775 5.204.186.76 178.20.231.165 9384 9987 64 0x10 17 16000
2015-04-10 19:40:40.775 5.113.43.17 178.20.231.165 13968 9987 64 0x10 17 16000
2015-04-10 19:40:41.025 5.97.49.116 178.20.231.165 14584 9987 64 0x00 17 16000
2015-04-10 19:40:41.025 5.241.181.15 178.20.231.165 10208 9987 64 0x00 17 16000
2015-04-10 19:40:41.025 5.130.165.119 178.20.231.165 15104 9987 64 0x00 17 16000
2015-04-10 19:40:41.026 5.88.166.119 178.20.231.165 10408 9987 64 0x02 17 16000
2015-04-10 19:40:41.277 5.213.19.236 178.20.231.165 11152 9987 64 0x00 17 16000
2015-04-10 19:40:41.277 5.70.68.104 178.20.231.165 7432 9987 64 0x00 17 16000
2015-04-10 19:40:41.277 5.175.91.220 178.20.231.165 13016 9987 64 0x02 17 16000
2015-04-10 19:40:41.277 5.248.91.231 178.20.231.165 13488 9987 64 0x02 17 16000
2015-04-10 19:40:41.528 5.237.82.49 178.20.231.165 11208 9987 64 0x00 17 16000
2015-04-10 19:40:41.528 5.1.75.226 178.20.231.165 9136 9987 64 0x00 17 16000
2015-04-10 19:40:41.528 5.148.85.31 178.20.231.165 14504 9987 64 0x02 17 16000
2015-04-10 19:40:41.528 5.81.26.232 178.20.231.165 9952 9987 64 0x02 17 16000
2015-04-10 19:40:41.528 5.195.238.116 178.20.231.165 7584 9987 64 0x02 17 16000
2015-04-10 19:40:41.779 5.109.166.114 178.20.231.165 7352 9987 64 0x00 17 16000
2015-04-10 19:40:41.779 5.85.108.48 178.20.231.165 12704 9987 64 0x00 17 16000
2015-04-10 19:40:41.779 5.213.23.35 178.20.231.165 7176 9987 64 0x00 17 16000
2015-04-10 19:40:41.780 5.168.252.241 178.20.231.165 14808 9987 64 0x10 17 16000
2015-04-10 19:40:41.780 5.31.12.17 178.20.231.165 11752 9987 64 0x10 17 16000
2015-04-10 19:40:41.780 5.111.5.3 178.20.231.165 14752 9987 64 0x10 17 16000
2015-04-10 19:40:42.030 5.63.179.11 178.20.231.165 8888 9987 64 0x00 17 16000
2015-04-10 19:40:42.031 5.201.198.126 178.20.231.165 14600 9987 64 0x02 17 16000
2015-04-10 19:40:42.031 5.70.110.97 178.20.231.165 9920 9987 64 0x02 17 16000
2015-04-10 19:40:42.031 5.160.114.195 178.20.231.165 10680 9987 64 0x02 17 16000
2015-04-10 19:40:42.281 5.115.147.145 178.20.231.165 13536 9987 64 0x10 17 16000
2015-04-10 19:40:42.281 5.167.152.241 178.20.231.165 9472 9987 64 0x10 17 16000
2015-04-10 19:40:42.281 5.99.192.209 178.20.231.165 10496 9987 64 0x10 17 16000
2015-04-10 19:40:42.282 5.221.43.55 178.20.231.165 10176 9987 64 0x10 17 16000
2015-04-10 19:40:42.531 5.45.101.69 178.20.231.165 9920 9987 64 0x00 17 16000
2015-04-10 19:40:42.531 5.151.94.198 178.20.231.165 12768 9987 64 0x00 17 16000
2015-04-10 19:40:42.531 5.155.228.205 178.20.231.165 13992 9987 64 0x10 17 16000
2015-04-10 19:40:42.532 5.209.46.229 178.20.231.165 14816 9987 64 0x10 17 16000
2015-04-10 19:40:42.782 5.60.43.27 178.20.231.165 10672 9987 64 0x00 17 16000
2015-04-10 19:40:42.782 5.143.191.221 178.20.231.165 14592 9987 64 0x00 17 16000
2015-04-10 19:40:42.782 5.241.189.162 178.20.231.165 13768 9987 64 0x02 17 16000
2015-04-10 19:40:42.783 5.80.110.141 178.20.231.165 7160 9987 64 0x02 17 16000
2015-04-10 19:40:42.783 5.150.140.118 178.20.231.165 10408 9987 64 0x02 17 16000
2015-04-10 19:40:43.032 5.233.54.111 178.20.231.165 8168 9987 64 0x00 17 16000
2015-04-10 19:40:43.033 5.3.117.35 178.20.231.165 14048 9987 64 0x00 17 16000
2015-04-10 19:40:43.033 5.40.185.186 178.20.231.165 7152 9987 64 0x00 17 16000
2015-04-10 19:40:43.033 5.18.251.239 178.20.231.165 8624 9987 64 0x00 17 16000
2015-04-10 19:40:43.033 5.121.128.141 178.20.231.165 7632 9987 64 0x02 17 16000
2015-04-10 19:40:43.284 5.67.212.163 178.20.231.165 11512 9987 64 0x00 17 16000
2015-04-10 19:40:43.284 5.191.227.148 178.20.231.165 9440 9987 64 0x00 17 16000
2015-04-10 19:40:43.284 5.14.102.54 178.20.231.165 8896 9987 64 0x00 17 16000
2015-04-10 19:40:43.285 5.248.134.131 178.20.231.165 9616 9987 64 0x00 17 16000
2015-04-10 19:40:43.285 5.90.143.181 178.20.231.165 15112 9987 64 0x00 17 16000
2015-04-10 19:40:43.285 5.155.27.31 178.20.231.165 13264 9987 64 0x02 17 16000
2015-04-10 19:40:43.535 5.109.90.167 178.20.231.165 8408 9987 64 0x00 17 16000
2015-04-10 19:40:43.535 5.100.84.126 178.20.231.165 12976 9987 64 0x00 17 16000
2015-04-10 19:40:43.535 5.79.156.69 178.20.231.165 13760 9987 64 0x00 17 16000
2015-04-10 19:40:43.536 5.175.89.28 178.20.231.165 11520 9987 64 0x00 17 16000
2015-04-10 19:40:43.536 5.105.28.13 178.20.231.165 10944 9987 64 0x00 17 16000
2015-04-10 19:40:43.536 5.36.86.232 178.20.231.165 13032 9987 64 0x00 17 16000
2015-04-10 19:40:43.786 5.108.18.131 178.20.231.165 8400 9987 64 0x00 17 16000
2015-04-10 19:40:43.786 5.108.208.223 178.20.231.165 10496 9987 64 0x00 17 16000
2015-04-10 19:40:43.786 5.155.195.137 178.20.231.165 10456 9987 64 0x00 17 16000
2015-04-10 19:40:43.786 5.29.97.69 178.20.231.165 13264 9987 64 0x00 17 16000
2015-04-10 19:40:43.786 5.87.249.2 178.20.231.165 14544 9987 64 0x00 17 16000
2015-04-10 19:40:43.786 5.165.200.166 178.20.231.165 15056 9987 64 0x00 17 16000
2015-04-10 19:40:44.037 5.58.155.136 178.20.231.165 7088 9987 64 0x00 17 16000
2015-04-10 19:40:44.037 5.103.17.60 178.20.231.165 13760 9987 64 0x00 17 16000
2015-04-10 19:40:44.038 5.19.236.170 178.20.231.165 15096 9987 64 0x02 17 16000
2015-04-10 19:40:44.038 5.121.3.215 178.20.231.165 13800 9987 64 0x02 17 16000
2015-04-10 19:40:44.038 5.210.161.176 178.20.231.165 7400 9987 64 0x02 17 16000
2015-04-10 19:40:44.289 5.19.214.199 178.20.231.165 12456 9987 64 0x00 17 16000
2015-04-10 19:40:44.289 5.173.213.191 178.20.231.165 14288 9987 64 0x00 17 16000
2015-04-10 19:40:44.289 5.34.73.125 178.20.231.165 13568 9987 64 0x00 17 16000
2015-04-10 19:40:44.289 5.25.232.61 178.20.231.165 10680 9987 64 0x00 17 16000
2015-04-10 19:40:44.290 5.1.38.3 178.20.231.165 13248 9987 64 0x00 17 16000
2015-04-10 19:40:44.290 5.62.9.219 178.20.231.165 14480 9987 64 0x00 17 16000
2015-04-10 19:40:44.540 5.65.55.171 178.20.231.165 7080 9987 64 0x02 17 16000
2015-04-10 19:40:44.540 5.63.39.116 178.20.231.165 10408 9987 64 0x02 17 16000
2015-04-10 19:40:44.540 5.158.252.55 178.20.231.165 7832 9987 64 0x02 17 16000
2015-04-10 19:40:44.541 5.166.48.166 178.20.231.165 14024 9987 64 0x02 17 16000
2015-04-10 19:40:44.541 5.30.82.189 178.20.231.165 8648 9987 64 0x02 17 16000
2015-04-10 19:40:44.791 5.42.40.243 178.20.231.165 9168 9987 64 0x00 17 16000
2015-04-10 19:40:44.791 5.78.199.150 178.20.231.165 9120 9987 64 0x00 17 16000
2015-04-10 19:40:44.791 5.57.224.55 178.20.231.165 7840 9987 64 0x00 17 16000
2015-04-10 19:40:44.791 5.151.161.182 178.20.231.165 9376 9987 64 0x00 17 16000
2015-04-10 19:40:44.791 5.109.188.195 178.20.231.165 7648 9987 64 0x00 17 16000
2015-04-10 19:40:44.791 5.27.109.112 178.20.231.165 14544 9987 64 0x00 17 16000
2015-04-10 19:40:44.791 5.174.234.182 178.20.231.165 8896 9987 64 0x00 17 16000
2015-04-10 19:40:45.042 5.80.86.47 178.20.231.165 11968 9987 64 0x00 17 16000
2015-04-10 19:40:45.042 5.99.129.93 178.20.231.165 13800 9987 64 0x00 17 16000
2015-04-10 19:40:45.042 5.171.220.80 178.20.231.165 9440 9987 64 0x00 17 16000
2015-04-10 19:40:45.293 5.202.87.187 178.20.231.165 11432 9987 64 0x10 17 16000
2015-04-10 19:40:45.293 5.137.226.47 178.20.231.165 12800 9987 64 0x10 17 16000
2015-04-10 19:40:45.293 5.83.53.99 178.20.231.165 13984 9987 64 0x10 17 16000
2015-04-10 19:40:45.294 5.226.43.220 178.20.231.165 8696 9987 64 0x10 17 16000
2015-04-10 19:40:45.294 5.10.204.152 178.20.231.165 10152 9987 64 0x10 17 16000
2015-04-10 19:40:45.544 5.95.38.227 178.20.231.165 14552 9987 64 0x00 17 16000
2015-04-10 19:40:45.544 5.147.99.68 178.20.231.165 15040 9987 64 0x00 17 16000
2015-04-10 19:40:45.544 5.99.129.78 178.20.231.165 8440 9987 64 0x00 17 16000
2015-04-10 19:40:45.544 5.36.58.191 178.20.231.165 9464 9987 64 0x00 17 16000
2015-04-10 19:40:45.544 5.52.39.92 178.20.231.165 13296 9987 64 0x00 17 16000
2015-04-10 19:40:45.795 5.192.58.12 178.20.231.165 7872 9987 64 0x00 17 16000
2015-04-10 19:40:45.795 5.35.238.99 178.20.231.165 8192 9987 64 0x00 17 16000
2015-04-10 19:40:45.795 5.107.124.142 178.20.231.165 8160 9987 64 0x00 17 16000
2015-04-10 19:40:45.795 5.49.131.88 178.20.231.165 11760 9987 64 0x00 17 16000
2015-04-10 19:40:45.795 5.187.37.167 178.20.231.165 9456 9987 64 0x00 17 16000
2015-04-10 19:40:45.795 5.30.85.28 178.20.231.165 13520 9987 64 0x00 17 16000
2015-04-10 19:40:45.795 5.97.145.23 178.20.231.165 15024 9987 64 0x00 17 16000
2015-04-10 19:40:46.046 5.176.239.173 178.20.231.165 14000 9987 64 0x10 17 16000
2015-04-10 19:40:46.046 5.106.229.76 178.20.231.165 14288 9987 64 0x02 17 16000
2015-04-10 19:40:46.046 5.2.47.118 178.20.231.165 10984 9987 64 0x02 17 16000
2015-04-10 19:40:46.046 5.34.222.19 178.20.231.165 11968 9987 64 0x02 17 16000
2015-04-10 19:40:46.297 5.15.86.183 178.20.231.165 13816 9987 64 0x00 17 16000
2015-04-10 19:40:46.298 5.70.106.82 178.20.231.165 11176 9987 64 0x00 17 16000
2015-04-10 19:40:46.298 5.237.210.188 178.20.231.165 7136 9987 64 0x00 17 16000
2015-04-10 19:40:46.298 5.244.231.165 178.20.231.165 12200 9987 64 0x00 17 16000
2015-04-10 19:40:46.548 5.130.127.236 178.20.231.165 10240 9987 64 0x00 17 16000
2015-04-10 19:40:46.548 5.254.244.6 178.20.231.165 10232 9987 64 0x00 17 16000
2015-04-10 19:40:46.548 5.105.91.83 178.20.231.165 14064 9987 64 0x00 17 16000
2015-04-10 19:40:46.548 5.95.6.90 178.20.231.165 13280 9987 64 0x00 17 16000
2015-04-10 19:40:46.548 5.223.72.230 178.20.231.165 14016 9987 64 0x00 17 16000
2015-04-10 19:40:46.799 5.115.200.107 178.20.231.165 12456 9987 64 0x11 17 16000
2015-04-10 19:40:46.799 5.46.74.167 178.20.231.165 11952 9987 64 0x11 17 16000
2015-04-10 19:40:46.799 5.50.245.54 178.20.231.165 11768 9987 64 0x11 17 16000
2015-04-10 19:40:46.799 5.8.103.245 178.20.231.165 13504 9987 64 0x10 17 16000
2015-04-10 19:40:47.049 5.82.16.160 178.20.231.165 15048 9987 64 0x10 17 16000
2015-04-10 19:40:47.049 5.30.234.195 178.20.231.165 9176 9987 64 0x10 17 16000
2015-04-10 19:40:47.050 5.139.143.243 178.20.231.165 11976 9987 64 0x10 17 16000
2015-04-10 19:40:47.318 5.235.78.26 178.20.231.165 13232 9987 64 0x00 17 16000
2015-04-10 19:40:47.318 5.226.195.174 178.20.231.165 8672 9987 64 0x00 17 16000
2015-04-10 19:40:47.318 5.82.72.41 178.20.231.165 13568 9987 64 0x00 17 16000
2015-04-10 19:40:47.319 5.199.75.169 178.20.231.165 7320 9987 64 0x18 17 16000
2015-04-10 19:40:47.319 5.98.40.100 178.20.231.165 15024 9987 64 0x18 17 16000
2015-04-10 19:40:47.569 5.34.205.194 178.20.231.165 8456 9987 64 0x00 17 16000
2015-04-10 19:40:47.569 5.248.231.44 178.20.231.165 12736 9987 64 0x00 17 16000
2015-04-10 19:40:47.570 5.158.96.205 178.20.231.165 13200 9987 64 0x02 17 16000
2015-04-10 19:40:47.570 5.103.191.18 178.20.231.165 7840 9987 64 0x02 17 16000
2015-04-10 19:40:47.820 5.109.229.183 178.20.231.165 7128 9987 64 0x00 17 16000
2015-04-10 19:40:47.820 5.241.199.84 178.20.231.165 12728 9987 64 0x00 17 16000
2015-04-10 19:40:47.820 5.103.53.193 178.20.231.165 7120 9987 64 0x18 17 16000
2015-04-10 19:40:47.820 5.221.239.93 178.20.231.165 11488 9987 64 0x18 17 16000
2015-04-10 19:40:47.820 5.1.39.137 178.20.231.165 12176 9987 64 0x18 17 16000
2015-04-10 19:40:48.070 5.235.22.110 178.20.231.165 9360 9987 64 0x02 17 16000
2015-04-10 19:40:48.070 5.62.93.76 178.20.231.165 7176 9987 64 0x02 17 16000
2015-04-10 19:40:48.070 5.91.220.8 178.20.231.165 10936 9987 64 0x02 17 16000
2015-04-10 19:40:48.321 5.231.106.75 178.20.231.165 15080 9987 64 0x00 17 16000
2015-04-10 19:40:48.321 5.123.42.27 178.20.231.165 15056 9987 64 0x00 17 16000
2015-04-10 19:40:48.321 5.242.185.67 178.20.231.165 13776 9987 64 0x00 17 16000
2015-04-10 19:40:48.322 5.230.209.99 178.20.231.165 14528 9987 64 0x00 17 16000
2015-04-10 19:40:48.322 5.124.220.223 178.20.231.165 7600 9987 64 0x02 17 16000
2015-04-10 19:40:48.322 5.39.31.174 178.20.231.165 13032 9987 64 0x02 17 16000
2015-04-10 19:40:48.571 5.10.109.171 178.20.231.165 13768 9987 64 0x00 17 16000
2015-04-10 19:40:48.571 5.135.82.125 178.20.231.165 14520 9987 64 0x00 17 16000
2015-04-10 19:40:48.571 5.0.64.196 178.20.231.165 9952 9987 64 0x00 17 16000
2015-04-10 19:40:48.572 5.67.84.187 178.20.231.165 11784 9987 64 0x00 17 16000
2015-04-10 19:40:48.572 5.231.99.126 178.20.231.165 14552 9987 64 0x02 17 16000
2015-04-10 19:40:48.822 5.6.181.227 178.20.231.165 13832 9987 64 0x00 17 16000
2015-04-10 19:40:48.822 5.221.32.101 178.20.231.165 7688 9987 64 0x00 17 16000
2015-04-10 19:40:48.822 5.222.121.42 178.20.231.165 9176 9987 64 0x00 17 16000
2015-04-10 19:40:48.822 5.1.150.44 178.20.231.165 12552 9987 64 0x00 17 16000
2015-04-10 19:40:48.822 5.15.21.52 178.20.231.165 11928 9987 64 0x00 17 16000
2015-04-10 19:40:48.822 5.81.210.130 178.20.231.165 7400 9987 64 0x00 17 16000
2015-04-10 19:40:48.822 5.6.89.84 178.20.231.165 7648 9987 64 0x00 17 16000
2015-04-10 19:40:49.072 5.241.185.159 178.20.231.165 14280 9987 64 0x00 17 16000
2015-04-10 19:40:49.072 5.104.173.237 178.20.231.165 14088 9987 64 0x00 17 16000
2015-04-10 19:40:49.072 5.58.120.142 178.20.231.165 10928 9987 64 0x00 17 16000
2015-04-10 19:40:49.072 5.205.209.186 178.20.231.165 13752 9987 64 0x00 17 16000
2015-04-10 19:40:49.072 5.106.254.50 178.20.231.165 8664 9987 64 0x00 17 16000
2015-04-10 19:40:49.072 5.179.123.38 178.20.231.165 13256 9987 64 0x00 17 16000
2015-04-10 19:40:49.322 5.98.120.182 178.20.231.165 14048 9987 64 0x00 17 16000
2015-04-10 19:40:49.322 5.118.114.58 178.20.231.165 13496 9987 64 0x00 17 16000
2015-04-10 19:40:49.322 5.108.0.184 178.20.231.165 10456 9987 64 0x00 17 16000
2015-04-10 19:40:49.323 5.164.50.4 178.20.231.165 8376 9987 64 0x00 17 16000
2015-04-10 19:40:49.573 5.230.62.181 178.20.231.165 8920 9987 64 0x00 17 16000
2015-04-10 19:40:49.573 5.231.38.45 178.20.231.165 12808 9987 64 0x00 17 16000
2015-04-10 19:40:49.573 5.10.134.206 178.20.231.165 12688 9987 64 0x00 17 16000
2015-04-10 19:40:49.573 5.18.36.145 178.20.231.165 11944 9987 64 0x02 17 16000
2015-04-10 19:40:49.823 5.28.199.22 178.20.231.165 9408 9987 64 0x00 17 16000
2015-04-10 19:40:49.824 5.237.85.159 178.20.231.165 9128 9987 64 0x00 17 16000
2015-04-10 19:40:49.824 5.65.79.133 178.20.231.165 14224 9987 64 0x00 17 16000
2015-04-10 19:40:49.824 5.178.67.180 178.20.231.165 7400 9987 64 0x00 17 16000
2015-04-10 19:40:49.824 5.238.97.252 178.20.231.165 11528 9987 64 0x00 17 16000
2015-04-10 19:40:49.824 5.90.236.7 178.20.231.165 13312 9987 64 0x00 17 16000
2015-04-10 19:40:50.075 5.209.95.250 178.20.231.165 11760 9987 64 0x10 17 16000
2015-04-10 19:40:50.075 5.248.112.186 178.20.231.165 9976 9987 64 0x02 17 16000
2015-04-10 19:40:50.075 5.108.184.34 178.20.231.165 14544 9987 64 0x02 17 16000
2015-04-10 19:40:50.075 5.234.181.199 178.20.231.165 8960 9987 64 0x02 17 16000
2015-04-10 19:40:50.326 5.24.129.84 178.20.231.165 11720 9987 64 0x00 17 16000
2015-04-10 19:40:50.326 5.97.61.53 178.20.231.165 13744 9987 64 0x00 17 16000
2015-04-10 19:40:50.326 5.147.24.165 178.20.231.165 13248 9987 64 0x00 17 16000
2015-04-10 19:40:50.326 5.196.22.10 178.20.231.165 14000 9987 64 0x18 17 16000
2015-04-10 19:40:50.577 5.165.142.208 178.20.231.165 15000 9987 64 0x00 17 16000
2015-04-10 19:40:50.577 5.54.171.39 178.20.231.165 11704 9987 64 0x00 17 16000
2015-04-10 19:40:50.577 5.50.109.194 178.20.231.165 9200 9987 64 0x00 17 16000
2015-04-10 19:40:50.578 5.144.242.156 178.20.231.165 13224 9987 64 0x00 17 16000
2015-04-10 19:40:50.829 5.117.71.31 178.20.231.165 9672 9987 64 0x00 17 16000
2015-04-10 19:40:50.829 5.145.107.168 178.20.231.165 13056 9987 64 0x10 17 16000
2015-04-10 19:40:50.829 5.144.164.86 178.20.231.165 13712 9987 64 0x10 17 16000
2015-04-10 19:40:50.829 5.184.73.113 178.20.231.165 13280 9987 64 0x10 17 16000
2015-04-10 19:40:51.080 5.22.98.79 178.20.231.165 8088 9987 64 0x00 17 16000
2015-04-10 19:40:51.080 5.158.15.125 178.20.231.165 8424 9987 64 0x00 17 16000
2015-04-10 19:40:51.080 5.83.124.109 178.20.231.165 9648 9987 64 0x00 17 16000
2015-04-10 19:40:51.080 5.206.221.44 178.20.231.165 11696 9987 64 0x10 17 16000
2015-04-10 19:40:51.080 5.242.87.220 178.20.231.165 13504 9987 64 0x10 17 16000
2015-04-10 19:40:51.080 5.116.53.3 178.20.231.165 12688 9987 64 0x10 17 16000
2015-04-10 19:40:51.331 5.242.198.164 178.20.231.165 8952 9987 64 0x00 17 16000
2015-04-10 19:40:51.331 5.209.179.122 178.20.231.165 12264 9987 64 0x00 17 16000
2015-04-10 19:40:51.331 5.56.143.13 178.20.231.165 11920 9987 64 0x00 17 16000
2015-04-10 19:40:51.331 5.81.24.140 178.20.231.165 7608 9987 64 0x02 17 16000
2015-04-10 19:40:51.331 5.105.30.120 178.20.231.165 11464 9987 64 0x02 17 16000
2015-04-10 19:40:51.582 5.158.153.42 178.20.231.165 9120 9987 64 0x00 17 16000
2015-04-10 19:40:51.582 5.234.9.213 178.20.231.165 12480 9987 64 0x00 17 16000
2015-04-10 19:40:51.582 5.233.184.85 178.20.231.165 9936 9987 64 0x00 17 16000
2015-04-10 19:40:51.582 5.105.176.6 178.20.231.165 13064 9987 64 0x00 17 16000
2015-04-10 19:40:51.582 5.129.32.163 178.20.231.165 12752 9987 64 0x00 17 16000
2015-04-10 19:40:51.582 5.111.163.119 178.20.231.165 8128 9987 64 0x00 17 16000
2015-04-10 19:40:51.582 5.65.83.40 178.20.231.165 9672 9987 64 0x00 17 16000
2015-04-10 19:40:51.832 5.242.91.65 178.20.231.165 10736 9987 64 0x00 17 16000
2015-04-10 19:40:51.832 5.239.178.39 178.20.231.165 9456 9987 64 0x00 17 16000
2015-04-10 19:40:51.832 5.179.122.197 178.20.231.165 11232 9987 64 0x00 17 16000
2015-04-10 19:40:51.832 5.239.152.232 178.20.231.165 9400 9987 64 0x00 17 16000
2015-04-10 19:40:51.832 5.43.3.14 178.20.231.165 8592 9987 64 0x00 17 16000
2015-04-10 19:40:51.832 5.30.85.163 178.20.231.165 11424 9987 64 0x00 17 16000
2015-04-10 19:40:51.832 5.222.236.4 178.20.231.165 11008 9987 64 0x00 17 16000
2015-04-10 19:40:52.083 5.54.250.67 178.20.231.165 12000 9987 64 0x00 17 16000
2015-04-10 19:40:52.083 5.59.220.12 178.20.231.165 13984 9987 64 0x00 17 16000
2015-04-10 19:40:52.084 5.172.198.17 178.20.231.165 9632 9987 64 0x00 17 16000
2015-04-10 19:40:52.084 5.104.235.187 178.20.231.165 10912 9987 64 0x00 17 16000
2015-04-10 19:40:52.084 5.11.247.88 178.20.231.165 12432 9987 64 0x00 17 16000
2015-04-10 19:40:52.084 5.92.101.27 178.20.231.165 9440 9987 64 0x00 17 16000
2015-04-10 19:40:52.335 5.19.247.209 178.20.231.165 12472 9987 64 0x00 17 16000
2015-04-10 19:40:52.335 5.48.4.5 178.20.231.165 9960 9987 64 0x00 17 16000
2015-04-10 19:40:52.335 5.86.223.240 178.20.231.165 11744 9987 64 0x00 17 16000
2015-04-10 19:40:52.336 5.7.72.192 178.20.231.165 7056 9987 64 0x18 17 16000
2015-04-10 19:40:52.336 5.11.143.14 178.20.231.165 7368 9987 64 0x18 17 16000
2015-04-10 19:40:52.586 5.245.28.180 178.20.231.165 11520 9987 64 0x00 17 16000
2015-04-10 19:40:52.586 5.42.10.226 178.20.231.165 9640 9987 64 0x00 17 16000
2015-04-10 19:40:52.586 5.87.190.23 178.20.231.165 13712 9987 64 0x00 17 16000
2015-04-10 19:40:52.586 5.236.165.68 178.20.231.165 8352 9987 64 0x00 17 16000
2015-04-10 19:40:52.586 5.141.23.121 178.20.231.165 11192 9987 64 0x00 17 16000
2015-04-10 19:40:52.587 5.194.70.123 178.20.231.165 14496 9987 64 0x00 17 16000
2015-04-10 19:40:52.587 5.23.16.170 178.20.231.165 7832 9987 64 0x00 17 16000
2015-04-10 19:40:52.837 5.144.221.142 178.20.231.165 11968 9987 64 0x00 17 16000
2015-04-10 19:40:52.837 5.152.120.167 178.20.231.165 9624 9987 64 0x00 17 16000
2015-04-10 19:40:52.837 5.83.131.243 178.20.231.165 14784 9987 64 0x10 17 16000
2015-04-10 19:40:52.838 5.178.62.27 178.20.231.165 7360 9987 64 0x10 17 16000
2015-04-10 19:40:53.087 5.132.204.150 178.20.231.165 14808 9987 64 0x00 17 16000
2015-04-10 19:40:53.088 5.71.77.37 178.20.231.165 11264 9987 64 0x00 17 16000
2015-04-10 19:40:53.088 5.92.35.162 178.20.231.165 11176 9987 64 0x00 17 16000
2015-04-10 19:40:53.088 5.23.242.60 178.20.231.165 12264 9987

Open in new window

David Johnson, CD

why don't you just block port 64 inbound?

FireBall

ASKER

on where ? SRX locking down

David Johnson, CD

at the srx firewall

FireBall

ASKER

unfortunately it fulls the session
is there any way to block before open sessions protocol 64 ?

David Piniella

from the last example here: https://www.juniper.net/documentation/en_US/junos12.1/topics/task/operational/session-for-srx-series-clearing.html

user@host> clear security flow session protocol 64

Open in new window

that clears existing sessions using protocol 64.

FireBall

ASKER

is there any way to block all calls before creating session via ip 84 ?

and also that only clear session at the moment that you write. not a real time effect

David Piniella

clear session should clear existing sessions right then and there. It's user mode, not config mode, so you shouldn't even need to commit to make it happen.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB24227

here's a mockup using a fake IP address:

set security policy from-zone Dis to-zone Int policy drop_bad_traffic match source-address 256.256.256.1/32 destination-address any application any 
set security policy from-zone Dis to-zone Int policy drop_bad_traffic then drop

Open in new window

you should be able to set application to any and then specify protocol as well so
source-address bad_IP
destination-address any
application any
protocol 64 (or 84, whatever it is).

dropping packets using an unknown protocol: http://www.juniper.net/documentation/en_US/junos12.1/topics/example/suspicious-packet-unknown-protocol-packet-dropping-cli.html

I would recommend that you set up a "bad_IP" group in your untrusted zone (Dis?) and use that as the "source-address" instead of making a rule for a specific IP. It'll be easier to add attackers in the future; odds are this isn't going to be the last time you have to deal with something like this. Best practice is to also add a rule that denies traffic from your internal network to the blocked hosts as well.

FireBall

ASKER

[edit security policies from-zone DisNetwork to-zone IcNetwork policy default-permit match]
root@srx3600.spd.net.tr# set pr
                             ^
syntax error.

[edit security policies from-zone DisNetwork to-zone IcNetwork policy default-permit match]
root@srx3600.spd.net.tr# set ?
Possible completions:
+ application          Port-based application
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
+ destination-address  Match destination address
+ source-address       Match source address
+ source-identity      Match source identity

Open in new window

there is no chance the block protocol at the place you point

ASKER CERTIFIED SOLUTION

David Piniella

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

FireBall

ASKER

This time it has blocked for 50mbps but session got fulled

        from-zone DisNetwork to-zone IcNetwork {
            policy TTPBlocker {
                match {
                    source-address any;
                    destination-address any;
                    application TTPBlocker;
                }
                then {
                    deny;
                }
            }
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit {
                        application-services {
                            idp;
                        }
                    }
                }
            }
        }
applications {
    application TTPBlocker protocol 84;
}

Open in new window

FireBall

ASKER

Strangely it hits the TTPblocker but shows as hitted to permit policy

FireBall

ASKER

anc also i limit it with screen destination session limit with 100 then the session return to normal but when attack reaches 100K+ pps srx getting inaccessible

FireBall

ASKER

thank you