Educause Security Discussion mailing list archives
Re: MSUDenver seeing potential bot-net DDOS
From: Frank Barton <bartonf () HUSSON EDU>
Date: Wed, 3 Apr 2019 12:40:20 -0400
Thank you Mike. A quick SPLUNKing later, and I'm seeing some, traffic (looks like 'spray-and-pray' looking for vulnerabilities) interesting distribution of destination ports. [image: image.png] On Wed, Apr 3, 2019 at 12:23 PM Hart, Michael <mhart20 () msudenver edu> wrote:
Our institution is being hammered pretty hard right now from a large number of source IPs. We’re working with our ISP to sinkhole as many of the sources as possible, but our tools are pretty hamstrung from the flood of traffic until the ISP can stop if from hitting our network. We’re in the midst of response, so I don’t have a curated list with reputations or heavy analysis, but the heavy hitters are coming from the following list of IPs: 12.13.147.195 134.209.164.39 142.93.151.87 149.28.137.69 159.89.176.225 172.248.5.200 177.11.137.4 177.126.18.199 185.200.118.83 188.19.137.210 190.104.198.230 190.145.99.75 193.106.29.106 201.80.131.158 206.189.181.12 207.244.86.222 66.240.205.34 92.53.65.2 92.53.65.3 We’ll keep you updated if we find out more. Just wanted to share in case you’re seeing any similar traffic. *Mike Hart | CISO, Director of ITS Security, Infrastructure, and Networking* *Metropolitan State University of Denver Information Technology Services* Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362 Admin Building - 1201 5th Street 480E Denver, CO 80204 303-615-0541 (Office) 303-352-7548 (Help Desk) mhart20 () msudenver edu | www.msudenver.edu/technology [image: University_Formal_2CPos184x]
-- Frank Barton, MBA Security+, ACMT, MCP IT Systems Administrator Husson University
Current thread:
- MSUDenver seeing potential bot-net DDOS Hart, Michael (Apr 03)
- Re: MSUDenver seeing potential bot-net DDOS Frank Barton (Apr 03)
- Re: MSUDenver seeing potential bot-net DDOS Frank Barton (Apr 03)
- Re: MSUDenver seeing potential bot-net DDOS Hart, Michael (Apr 03)
- <Possible follow-ups>
- Re: MSUDenver seeing potential bot-net DDOS Joseph Tam (Apr 03)
- Re: MSUDenver seeing potential bot-net DDOS Frank Barton (Apr 03)