Educause Security Discussion mailing list archives
MSUDenver seeing potential bot-net DDOS
From: "Hart, Michael" <mhart20 () MSUDENVER EDU>
Date: Wed, 3 Apr 2019 16:23:43 +0000
Our institution is being hammered pretty hard right now from a large number of source IPs. We're working with our ISP to sinkhole as many of the sources as possible, but our tools are pretty hamstrung from the flood of traffic until the ISP can stop if from hitting our network. We're in the midst of response, so I don't have a curated list with reputations or heavy analysis, but the heavy hitters are coming from the following list of IPs: 12.13.147.195 134.209.164.39 142.93.151.87 149.28.137.69 159.89.176.225 172.248.5.200 177.11.137.4 177.126.18.199 185.200.118.83 188.19.137.210 190.104.198.230 190.145.99.75 193.106.29.106 201.80.131.158 206.189.181.12 207.244.86.222 66.240.205.34 92.53.65.2 92.53.65.3 We'll keep you updated if we find out more. Just wanted to share in case you're seeing any similar traffic. Mike Hart | CISO, Director of ITS Security, Infrastructure, and Networking Metropolitan State University of Denver Information Technology Services Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362 Admin Building - 1201 5th Street 480E Denver, CO 80204 303-615-0541 (Office) 303-352-7548 (Help Desk) mhart20 () msudenver edu<mailto:mhart20 () msudenver edu> | www.msudenver.edu/technology<http://www.msudenver.edu/technology> [University_Formal_2CPos184x]
Current thread:
- MSUDenver seeing potential bot-net DDOS Hart, Michael (Apr 03)
- Re: MSUDenver seeing potential bot-net DDOS Frank Barton (Apr 03)
- Re: MSUDenver seeing potential bot-net DDOS Frank Barton (Apr 03)
- Re: MSUDenver seeing potential bot-net DDOS Hart, Michael (Apr 03)
- <Possible follow-ups>
- Re: MSUDenver seeing potential bot-net DDOS Joseph Tam (Apr 03)
- Re: MSUDenver seeing potential bot-net DDOS Frank Barton (Apr 03)