Educause Security Discussion mailing list archives
Bot DDOS at 10 AM
From: Jim Bollinger <JBollinger () WLU EDU>
Date: Wed, 8 Sep 2004 11:57:12 -0400
At 10:00 EDT, we had a small army of bots here begin what appeared to be a DDOS on two Bell Canada addresses (67.71.43.86, 64.229.195.252) The packets were malformed ICMP with length 1052, (type=248, code=246). Filled our DS3 pipe outbound. After we turned off a specific resnet subnet full of machines, the traffic dropped off. I see that there are new IRCbot and Gaobot variants- has anyone else seen this type of traffic? Thanks, Jim Jim Bollinger Systems and Network Engineer Washington and Lee University Lexington, VA 24450 540-458-8743 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Bot DDOS at 10 AM Jim Bollinger (Sep 08)
- <Possible follow-ups>
- Re: Bot DDOS at 10 AM Brian Eckman (Sep 08)
- Re: Bot DDOS at 10 AM Bielawa, David (Sep 08)
- Re: Bot DDOS at 10 AM Jim Bollinger (Sep 08)