Security Incidents mailing list archives
1000% increase in traffic
From: Bob Wright <rjw1150 () NEO LRUN COM>
Date: Fri, 9 Feb 2001 18:05:37 -0500
Hello guys, thank you for reading this email.. I beleave i might have an exploited box on my hands, At my place of employment we usally range about 728b/s as our average for output (128k Connection) Now starting at friday at 12am to sat 12pm (about) MRTG (traffic analyser) showed us averaging about 7744b/s !! on a weekend at that late of night. And all out to boot. This worries me because of our data (of coarse) or that we might have a possible client on one of the many machines for a DDOS. Now i have searched through most my logs, inet logs and i cant find a thing..... the logs do not LOOK like they were tamperd with. These are what i think could have happend. 1) Employee sending files home thinking that no one will be able to detect it. 2) DDOS client on one or several machines 3) We had a intrusion and the great guy he is decided to send our files to himself 4) <input here> I am new to this, im only an intern however they expect me to look into this? any how i would like to hear what you guys out there who have experience think, and as always i love any possible links you might have which discuss general procedure or any site that deals with network security. I thank you again for reading my email. -Robert Wright
Current thread:
- 1000% increase in traffic Bob Wright (Feb 10)
- Re: 1000% increase in traffic Jason Storm (Feb 10)
- Re: 1000% increase in traffic Derek Kwan (Feb 10)
- Re: 1000% increase in traffic Bryan Andersen (Feb 10)
- Re: 1000% increase in traffic Valdis Kletnieks (Feb 10)
- Re: 1000% increase in traffic John Kristoff (Feb 10)
- Re: 1000% increase in traffic Anders Thulin (Feb 26)