Security Incidents mailing list archives
DoS attack
From: "Jason Robertson" <jason () ifuture com>
Date: Mon, 18 Feb 2002 19:33:00 -0500
I just thought I would let everyone else know about this We have been receiving, over the past 2 days UDP DoS against our network, though I have had this blocked upstream, and now the x.x.x.28 is now null routed, it has not stopped with the UDPs actually the upstream has found more sources now since then. Anyways, the current stats from the section of the logs that I have, give me > 205000 packets between 15:56 and 18:40, though this has continued since then, so it's probably in the millions by now or worse. Feb 17 15:56:14 216.18.48.122 42: %SEC-6-IPACCESSLOGP: list e-inbound denied udp 194.47.153.20(1249) -> x.x.x.28(113), 122 packets -- Jason Robertson Now at the Nation Research Council. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Slow SNMP scan... Jay Quinby (Feb 15)
- Re: Slow SNMP scan... Jim Watt (Feb 16)
- Re: Slow SNMP scan... Borja Marcos (Feb 18)
- Re: Slow SNMP scan... Russell Fulton (Feb 20)
- Re: Slow SNMP scan... Borja Marcos (Feb 18)
- Re: Slow SNMP scan... Jim Watt (Feb 18)
- DoS attack Jason Robertson (Feb 18)
- Re: Slow SNMP scan... Borja Marcos (Feb 18)
- Re: Slow SNMP scan... Jim Watt (Feb 16)