Educause Security Discussion mailing list archives
Re: Bot DDOS at 10 AM
From: Brian Eckman <eckman () UMN EDU>
Date: Wed, 8 Sep 2004 11:51:32 -0500
Jim Bollinger wrote:
At 10:00 EDT, we had a small army of bots here begin what appeared to be a DDOS on two Bell Canada addresses (67.71.43.86, 64.229.195.252) The packets were malformed ICMP with length 1052, (type=248, code=246). Filled our DS3 pipe outbound. After we turned off a specific resnet subnet full of machines, the traffic dropped off. I see that there are new IRCbot and Gaobot variants- has anyone else seen this type of traffic?
Nope, our outbound DDoS attacks so far have been SYN floods. Brian -- Brian Eckman Security Analyst OIT Security and Assurance University of Minnesota ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Bot DDOS at 10 AM Jim Bollinger (Sep 08)
- <Possible follow-ups>
- Re: Bot DDOS at 10 AM Brian Eckman (Sep 08)
- Re: Bot DDOS at 10 AM Bielawa, David (Sep 08)
- Re: Bot DDOS at 10 AM Jim Bollinger (Sep 08)