Security Incidents mailing list archives

Seen any DDoS coming from 208.184.109.166?


From: mixter () 2xs co il
Date: Fri, 14 Dec 2001 11:40:46 +0100 (CET)


I'm trying to gather information about a DDoS attack
against a private network that took place on the 13th
from ca. 10:30 to 17:00 GMT. Most of the packets had
an (apparently forged) source address of 208.184.109.166
(AboveNet). Bandwidth rates were in excess of several Gb/s.

The victim is located in middle Asia and at least a
substantial amount of the traffic was routed through from
Scandinavian backbones, especially FI-SE and KPNQwest,
in the direction Nordunet. My guesses go in the direction
that it was either a larger DoS network, or an attack
from a couple of compromised routers.

If you've seen any related activity yesterday going over
your network, or perhaps even had a compromise and DDoS
installation on several servers in Scandinavia in the
last couple of days, I'd be very happy to hear about
it, either on this list or in private.


Thank you,

Mixter

---------------------------
Mixter
Development/Consulting
2xs LTD. - http://2xss.com
Tel: +972-9-9519980
Mail: mixter () 2xs co il




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

