Security Incidents mailing list archives

Re: 1000% increase in traffic


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 9 Feb 2001 22:49:44 -0500

On Fri, 09 Feb 2001 18:05:37 EST, Bob Wright <rjw1150 () NEO LRUN COM>  said:

> 1) Employee sending files home thinking that no one will be able to detect it.
> 2) DDOS client on one or several machines
> 3) We had an intrusion and the great guy he is decided to send our files to himself
> 4) <input here>

5) Anon FTP server being used for warez
6) Unsecured Email server being used to 3rd-party relay spam.

Yes, DDOS attacks happen, but I'd rule out these last two things *first*.
If for no other reason than because both are fairly easy to close down.

Heavy traffic on the FTP-DATA port (tcp/20) on one machine indicates
warez puppies at work.  Heavy traffic on the SMTP port (tcp/25) is
most likely either an open relay being used by spammers, or you have
a severe problem with Melissa-class viruses in your network. ;)

                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech
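As an added illustration (not part of the thread), the triage Valdis describes can be scripted: attribute each internal host's bytes to the service port involved and flag hosts whose traffic is dominated by tcp/20 or tcp/25. The flow records below are constructed sample data, and the record format and thresholds are assumptions.

```python
"""Attribute a bandwidth spike to the ports named in the reply (tcp/20, tcp/25)."""
from collections import defaultdict

# Constructed sample flow records (not real data).
# Format: internal_host,peer,service_port,bytes
# service_port is the well-known port on whichever side of the flow it sits,
# so an FTP server pushing data from its port 20 is still attributed to 20.
SAMPLE_FLOWS = """\
10.0.0.5,198.51.100.7,20,950000000
10.0.0.5,203.0.113.9,20,870000000
10.0.0.5,192.0.2.4,80,12000
10.0.0.9,198.51.100.30,25,640000000
10.0.0.9,203.0.113.31,25,610000000
10.0.0.9,192.0.2.4,443,40000
10.0.0.12,192.0.2.4,443,350000
10.0.0.12,192.0.2.5,80,290000
"""

# Ports the reply singles out, with the likely cause it gives for each.
SUSPECT_PORTS = {
    20: "ftp-data: anonymous FTP server abused as a warez drop",
    25: "smtp: open relay used by spammers, or a mass-mailing virus",
}


def parse_flows(text):
    """Parse the CSV-like records into (host, peer, service_port, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host, peer, port, nbytes = line.split(",")
        flows.append((host, peer, int(port), int(nbytes)))
    return flows


def bytes_by_host_port(flows):
    """Sum bytes per internal host, broken down by service port."""
    totals = defaultdict(lambda: defaultdict(int))
    for host, _peer, port, nbytes in flows:
        totals[host][port] += nbytes
    return totals


def flag_hosts(flows, share_threshold=0.8, min_bytes=100_000_000):
    """Return {host: (port, share, reason)} where a suspect port carries
    at least min_bytes and at least share_threshold of that host's traffic."""
    findings = {}
    for host, ports in bytes_by_host_port(flows).items():
        total = sum(ports.values())
        for port, reason in SUSPECT_PORTS.items():
            port_bytes = ports.get(port, 0)
            if port_bytes >= min_bytes and port_bytes / total >= share_threshold:
                findings[host] = (port, round(port_bytes / total, 3), reason)
    return findings
```

Run against a real export, the hosts this returns are the ones to check first for an open anonymous FTP directory or an unrestricted relay, before assuming a DDoS client.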

