nanog mailing list archives
RE: Internet Connectivity
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Fri, 1 Oct 2004 16:32:14 +0100 (BST)
ahh then you have one of the new wormy things that scans aggressively for easy accounts on ssh. find src host and disinfect. Steve On Fri, 1 Oct 2004, Jack Vizelter wrote:
Investigation is still ongoing, but from what they can tell, majority of the attempted connections have been going over TCP port 22. -jack -----Original Message----- From: Josh Duffek [mailto:consultantjd16 () ridemetro org] Sent: Friday, October 01, 2004 11:05 AM To: Jack Vizelter; nanog () merit edu Subject: RE: Internet Connectivity Did you run a sniffer to get an idea of what all the traffic is? Curious what, if any, port(s) are being flooded. J -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Jack Vizelter Sent: Friday, October 01, 2004 9:56 AM To: nanog () merit edu Subject: Internet Connectivity We had several machines start spewing huge amounts of data causing our pipe to the public Internet to stop. We had no traffic coming in or out of the campus. We're unsure of whether it's virus related, but wanted to inquire if anyone else has heard of or came across something similar. It appears to be an DDOS attack, but, originating from the inside. This started last night at about 10pm EST. Thanks, -jack
Current thread:
- Internet Connectivity Jack Vizelter (Oct 01)
- <Possible follow-ups>
- RE: Internet Connectivity Josh Duffek (Oct 01)
- RE: Internet Connectivity Jack Vizelter (Oct 01)
- RE: Internet Connectivity Stephen J. Wilcox (Oct 01)
- Re: Internet Connectivity james edwards (Oct 01)
- RE: Internet Connectivity Fergie (Paul Ferguson) (Oct 01)