Security Incidents mailing list archives
Re: 1000% increase in traffic
From: Jason Storm <sec () ORGONE NEGATION NET>
Date: Fri, 9 Feb 2001 17:50:38 -0800
if i was in your shoes;

1) run tcpdump on a box on the LAN to get an idea of what the traffic is, where it's generated, and where it's going.

2) if it's generated by one box, take that box offline immediately and begin forensic work on it. hell, it could just be napster. then again, it could be something far less innocent.

3) if you are seeing traffic that indicates you are being used as a broadcast for a dos attack, (what appears to be say, one host pinging your broadcast and every box responding to that one ip), then you need to configure your border routers to drop broadcast requests, no biggie.

-jason

On Fri, 9 Feb 2001, Bob Wright wrote:
Hello guys, thank you for reading this email.. I believe I might have an exploited box on my hands. At my place of employment we usually range about 728b/s as our average for output (128k Connection). Now starting at Friday at 12am to Sat 12pm (about) MRTG (traffic analyser) showed us averaging about 7744b/s !! on a weekend at that late of night. And all out to boot.

This worries me because of our data (of course) or that we might have a possible client on one of the many machines for a DDOS. Now I have searched through most of my logs, inet logs and I can't find a thing..... the logs do not LOOK like they were tampered with.

These are what I think could have happened.

1) Employee sending files home thinking that no one will be able to detect it.
2) DDOS client on one or several machines
3) We had an intrusion and the great guy he is decided to send our files to himself
4) <input here>

I am new to this, I'm only an intern however they expect me to look into this? Anyhow I would like to hear what you guys out there who have experience think, and as always I love any possible links you might have which discuss general procedure or any site that deals with network security.

I thank you again for reading my email.

-Robert Wright
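A sketch of the tcpdump triage suggested in the reply above, added here as an example and not part of the original thread: it ranks internal hosts by bytes sent off the LAN and flags the broadcast-ping pattern where many internal hosts answer one address. The capture lines are constructed and modelled on `tcpdump -nn -q` text output; the LAN prefix `10.0.0.`, the broadcast address `10.0.0.255` and the three-host threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on `tcpdump -nn -q` output (not data from the thread).
SAMPLE = """\
00:01:10.000001 IP 203.0.113.9 > 10.0.0.255: ICMP echo request, id 7, seq 1, length 64
00:01:10.000210 IP 10.0.0.11 > 203.0.113.9: ICMP echo reply, id 7, seq 1, length 64
00:01:10.000260 IP 10.0.0.12 > 203.0.113.9: ICMP echo reply, id 7, seq 1, length 64
00:01:10.000300 IP 10.0.0.13 > 203.0.113.9: ICMP echo reply, id 7, seq 1, length 64
00:01:11.500000 IP 10.0.0.23.1040 > 198.51.100.7.6699: tcp 1460
00:01:11.500900 IP 10.0.0.23.1040 > 198.51.100.7.6699: tcp 1460
00:01:11.600000 IP 198.51.100.7.6699 > 10.0.0.23.1040: tcp 0
00:01:12.000000 IP 10.0.0.40.53211 > 192.0.2.53.53: UDP, length 48
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")
LENGTH = re.compile(r"(?:length |tcp )(\d+)")

def host(endpoint, is_icmp):
    # TCP/UDP endpoints print as a.b.c.d.port; ICMP endpoints have no port.
    return endpoint if is_icmp else endpoint.rsplit(".", 1)[0]

def triage(text, lan_prefix="10.0.0.", broadcast="10.0.0.255", min_repliers=3):
    out_bytes = Counter()        # bytes sent off-LAN, per internal host
    repliers = defaultdict(set)  # outside IP -> internal hosts sending it echo replies
    bcast_sources = set()        # addresses the broadcast echo requests claim to come from
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # skip non-IP or unparsed lines
        src, dst, info = m.groups()
        icmp = info.startswith("ICMP")
        src, dst = host(src, icmp), host(dst, icmp)
        size = LENGTH.search(info)
        if src.startswith(lan_prefix) and not dst.startswith(lan_prefix):
            out_bytes[src] += int(size.group(1)) if size else 0
        if icmp and "echo request" in info and dst == broadcast:
            bcast_sources.add(src)
        if icmp and "echo reply" in info and src.startswith(lan_prefix):
            repliers[dst].add(src)
    # Broadcast-amplifier pattern: one address pinged the broadcast, many hosts replied to it.
    amplified = {ip: sorted(hosts) for ip, hosts in repliers.items()
                 if ip in bcast_sources and len(hosts) >= min_repliers}
    return out_bytes.most_common(), amplified

if __name__ == "__main__":
    talkers, amplified = triage(SAMPLE)
    print("top outbound talkers:", talkers)
    print("broadcast replies going to:", amplified)
```

A single host dominating the outbound ranking points at the "one box" case in step 2; a non-empty second result points at the broadcast case in step 3.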