Educause Security Discussion mailing list archives
Re: Any ideas?
From: Paul Dokas <dokas () CS UMN EDU>
Date: Mon, 19 Jan 2004 22:20:04 -0600
On Mon, 19 Jan 2004 16:27:15 -0500, "Piscitello, Frank" <frank () WCUPA EDU> wrote:
I have what I'm assuming is a worm/scanner that is attempting to connect to 68.202.199.235 on port 6667. The mystery is that the source IP seems to be every address on my one student subnet. The IP packet is 60bytes and the Frame is 74 bytes. There is no actual data. Any ideas? -Frank
Spoofed SYN flood. I know because I've got one in my dorms that's attacking random cable modems even as I type this. I also had a large outbound SYN flood against 68.202.199.235 earlier tonight. I'm still attempting to track down the offending host on my network. Paul -- Paul Dokas dokas () cs umn edu ====================================================================== Don Juan Matus: "an enigma wrapped in mystery wrapped in a tortilla." ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Any ideas? Piscitello, Frank (Jan 19)
- <Possible follow-ups>
- Re: Any ideas? Cam Beasley, ISO (Jan 19)
- Re: Any ideas? Christopher Condie (Jan 19)
- Re: Any ideas? Piscitello, Frank (Jan 19)
- Re: Any ideas? Matthew Keller (Jan 19)
- Re: Any ideas? Clyde Hoadley (Jan 19)
- Re: Any ideas? Piscitello, Frank (Jan 19)
- Re: Any ideas? Cam Beasley, ISO (Jan 19)
- Re: Any ideas? Paul Dokas (Jan 19)
- Re: Any ideas? Paul Dokas (Jan 19)