MSUDenver seeing potential bot-net DDOS

["Hart, Michael" <mhart20 () MSUDENVER EDU>]

Our institution is being hammered pretty hard right now from a large number of source IPs.  We're working with our ISP 
to sinkhole as many of the sources as possible, but our tools are pretty hamstrung from the flood of traffic until the 
ISP can stop if from hitting our network.

We're in the midst of response, so I don't have a curated list with reputations or heavy analysis, but the heavy 
hitters are coming from the following list of IPs:

12.13.147.195
134.209.164.39
142.93.151.87
149.28.137.69
159.89.176.225
172.248.5.200
177.11.137.4
177.126.18.199
185.200.118.83
188.19.137.210
190.104.198.230
190.145.99.75
193.106.29.106
201.80.131.158
206.189.181.12
207.244.86.222
66.240.205.34
92.53.65.2
92.53.65.3

We'll keep you updated if we find out more.  Just wanted to share in case you're seeing any similar traffic.


Mike Hart  | CISO, Director of ITS Security, Infrastructure, and Networking
Metropolitan State University of Denver
Information Technology Services
Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362
Admin Building - 1201 5th Street 480E  Denver, CO 80204
303-615-0541 (Office)
303-352-7548 (Help Desk)
mhart20 () msudenver edu<mailto:mhart20 () msudenver edu> | 
www.msudenver.edu/technology<http://www.msudenver.edu/technology>

[University_Formal_2CPos184x]