** nac.net UNDER ATTACK
alex at nac.net
alex at nac.net
Mon Dec 14 05:21:17 UTC 1998
We are currently seeing about 2 mb/s of the following traffic from
131.123.16.54 (membrane.kent.edu).
.Dec 14 00:12:13: IP: s=131.123.16.54 (ATM0), d=209.123.11.189 (Hssi0), len 1028, access denied
.Dec 14 00:12:13: UDP src=11570, dst=79
.Dec 14 00:12:13: IP: s=131.123.16.54 (ATM0), d=209.123.11.189 (Hssi0), len 1028, access denied
.Dec 14 00:12:13: UDP src=11570, dst=79
It is unlikely that a Cisco 7206 is sending 2 mb/s of finger requests to
this box, so I am assuming they are spoofing at least the port.
Has anyone else seen this?
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Atheism is a non-prophet organization. I route, therefore I am.
Alex Rubenstein, alex at nac.net, KC2BUO, ISP/C Charter Member
Father of the Network and Head Bottle-Washer
Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
Don't choose a spineless ISP; we have more backbone! http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
More information about the NANOG
mailing list