RE: Internet Connectivity

["Stephen J. Wilcox" <steve () telecomplete co uk>]

ahh then you have one of the new wormy things that scans aggressively for easy 
accounts on ssh. find src host and disinfect.

Steve

On Fri, 1 Oct 2004, Jack Vizelter wrote:

> Investigation is still ongoing, but from what they can tell, majority of
> the attempted connections have been going over TCP port 22.
>
> -jack 
>
> -----Original Message-----
> From: Josh Duffek [mailto:consultantjd16 () ridemetro org] 
> Sent: Friday, October 01, 2004 11:05 AM
> To: Jack Vizelter; nanog () merit edu
> Subject: RE: Internet Connectivity
>
> Did you run a sniffer to get an idea of what all the traffic is?
> Curious what, if any, port(s) are being flooded.
>
> J
>
> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
> Jack Vizelter
> Sent: Friday, October 01, 2004 9:56 AM
> To: nanog () merit edu
> Subject: Internet Connectivity
>
>
> We had several machines start spewing huge amounts of data causing our
> pipe to the public Internet to stop.  We had no traffic coming in or out
> of the campus.  We're unsure of whether it's virus related, but wanted
> to inquire if anyone else has heard of or came across something similar.
> It appears to be an DDOS attack, but, originating from the inside.  This
> started last night at about 10pm EST.
>
> Thanks,
> -jack