Full Disclosure mailing list archives
Re: lots of connections to 64.40.117.19 port 80
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Fri, 18 Apr 2008 10:38:56 -0400
Recently I have seen a lots of connections to 64.40.117.19 port 80 in one of our clients network.
could be a lot of things .. do you have tcpdump? .. a packet trace would make your attempt at collective troubleshooting a *lot* easier .. but DDOS is an easy "malicious" guess. Non-malicious ones could be something like a blog/article on that box that just got featured on Digg/Slashdot/etc.
Connections are coming from all over the Internet (various different IPs) specifically to this IP.
Yeah .. that's how the Internet works.
What kind of problem this could be? Has anybody seen this kind of attack before?
Do you admin that box at 64.40.117.19? .. if it's a webserver, check the logs .. what's being requested? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- lots of connections to 64.40.117.19 port 80 Ganbold (Apr 18)
- Re: lots of connections to 64.40.117.19 port 80 Michael Holstein (Apr 18)
- Re: lots of connections to 64.40.117.19 port 80 Guido Landi (Apr 18)
- Re: lots of connections to 64.40.117.19 port 80 Security (Apr 19)
- <Possible follow-ups>
- Re: lots of connections to 64.40.117.19 port 80 Joey Mengele (Apr 18)
- Re: lots of connections to 64.40.117.19 port 80 news (Apr 18)
- Re: lots of connections to 64.40.117.19 port 80 Ganbold (Apr 20)
- Re: lots of connections to 64.40.117.19 port 80 php0t (Apr 18)
- Re: lots of connections to 64.40.117.19 port 80 news (Apr 18)
- Re: lots of connections to 64.40.117.19 port 80 Joey Mengele (Apr 18)
- Re: lots of connections to 64.40.117.19 port 80 news (Apr 18)
- Re: lots of connections to 64.40.117.19 port 80 Valdis . Kletnieks (Apr 18)
- Re: lots of connections to 64.40.117.19 port 80 Joey Mengele (Apr 18)
(Thread continues...)