Educause Security Discussion mailing list archives

Czdlxy.163.com and High Bandwidth Utilisation


From: Tim Lane <tlane () SCU EDU AU>
Date: Tue, 19 Aug 2008 08:36:01 +1000

Hi All,

We are having an anomaly occur on our network where our Internet link is
experiencing 100% utilisation and the proxies are reporting massive
downloads from Czdlxy.163.com, but the traffic does not seem to come inside
our network to workstations, just to the proxies.

Czdlxy.163.com appears to be related to some Chinese Online Gaming website
(but translation makes it difficult to pinpoint exactly).  This makes me
think that either:

1) Proxy servers are compromised and are hosting content
2) Denial of service
3) Traffic is actually going inside our network and we cannot see it (at this stage).

I realise this is basic information but has anyone heard of this site before
or do they have any suggestions or thoughts on what could be occurring?  Is
anyone else seeing something similar?

Thanks,

Tim Lane


Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

Phone (02) 6620 3290    Fax (02) 6620 3033
Email: tlane () scu edu au
http://www.scu.edu.au
