Security Incidents mailing list archives
Re: 1000% increase in traffic
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 9 Feb 2001 22:49:44 -0500
On Fri, 09 Feb 2001 18:05:37 EST, Bob Wright <rjw1150 () NEO LRUN COM> said:
> 1) Employee sending files home thinking that no one will be able to detect it.
> 2) DDOS client on one or several machines
> 3) We had an intrusion and the great guy he is decided to send our files to himself
> 4) <input here>
5) Anon FTP server being used for warez
6) Unsecured Email server being used to 3rd-party relay spam.

Yes, DDOS attacks happen, but I'd rule out these last two things *first*. If for no other reason than because both are fairly easy to close down.

Heavy traffic on the FTP-DATA port (tcp/20) on one machine indicates warez puppies at work. Heavy traffic on the SMTP port (tcp/25) is most likely either an open relay being used by spammers, or you have a severe problem with Melissa-class viruses in your network. ;)

Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
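The per-port triage suggested in the message above can be run over flow records to see which local host and service account for the traffic. This is an added example, not part of the original post; the five-field record format, the 192.0.2.0/24 site prefix, the thresholds and the sample flows are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("192.0.2.0/24")   # assumed site prefix (documentation range)
WATCH = {20: "ftp-data", 25: "smtp"}     # the two ports named in the post

# Constructed flow records: src sport dst dport bytes
SAMPLE_FLOWS = """\
192.0.2.10 20 198.51.100.7 40112 734003200
192.0.2.10 20 203.0.113.9 51877 512000000
192.0.2.10 80 198.51.100.7 40200 1000000
198.51.100.44 3311 192.0.2.25 25 80000000
192.0.2.25 1029 203.0.113.80 25 40000000
192.0.2.25 1030 203.0.113.81 25 35000000
192.0.2.25 1044 198.51.100.2 53 2000000
192.0.2.50 1500 198.51.100.3 80 5000000
192.0.2.50 1501 203.0.113.5 25 20000
192.0.2.60 1200 203.0.113.5 25 3000
"""

def triage(flow_text, min_bytes=1_000_000, min_share=0.5):
    """Return (host, service, bytes, share) for local hosts dominated by a watched port."""
    per_host = defaultdict(lambda: defaultdict(int))   # host -> service -> bytes
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                                   # skip blank or malformed records
        src, sport, dst, dport, nbytes = fields
        try:
            sport, dport, nbytes = int(sport), int(dport), int(nbytes)
        except ValueError:
            continue                                   # skip header or non-numeric lines
        # Active-mode FTP data flows carry port 20 on the server side, so match either end.
        service = WATCH.get(sport) or WATCH.get(dport) or "other"
        for addr in (src, dst):
            if ip_address(addr) in LOCAL_NET:
                per_host[addr][service] += nbytes
    findings = []
    for host, by_service in per_host.items():
        total = sum(by_service.values())
        for service in WATCH.values():
            seen = by_service.get(service, 0)
            # min_bytes keeps a quiet host with one small SMTP flow out of the report.
            if seen >= min_bytes and total and seen / total >= min_share:
                findings.append((host, service, seen, round(seen / total, 3)))
    return sorted(findings, key=lambda f: f[2], reverse=True)

if __name__ == "__main__":
    for host, service, seen, share in triage(SAMPLE_FLOWS):
        print(f"{host:15} {service:9} {seen:>13,} bytes  {share:.1%} of host traffic")
```

A host flagged for smtp still has to be checked by hand to tell an open relay from an infected machine, since both show up as heavy tcp/25 volume.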