Security Incidents mailing list archives

DDoS Attacks to several Networks (Switzerland)


From: michi () digicomp ch
Date: Thu, 20 Dec 2001 18:12:15 +0100

Hello there,

Thuesday we've had a DDoS coming from 500 different sources. It was a
"tcp-packet-flood" to unprivileged ports. The DDoS took our network down
for 2 hours. I called our ISP to block some IPs which had been spammed
with these packets. There wasn't any scheme in the source IPs; it looked like
they were spoofed, 500 different hosts are a lot. At the same time two
networks of friends (all in Switzerland) were DDoSed also, with the same scheme.
One friend reported that at the same time one box which was running an old
version of ssh was owned, or probably owned by the same guy who did the
DDoS.
I think the "attacker" has found the IPs to attack on IRC. The attacks
started from 2pm until 5pm (CET).

Greetings

Michi
-------------------------------------------------
DIGICOMP AG
Michi Zaugg
Network & Security
Limmatstr. 50
8005 Zuerich

mailto: michi () digicomp ch
mob: +41 (0) 79 245 75 34
tel: +41 (0) 1 447 21 46
fax: +41 (0) 1 447 21 51
-------------------------------------------------
- we're the dot in .digicomp

