** nac.net UNDER ATTACK

alex at nac.net alex at nac.net
Mon Dec 14 05:21:17 UTC 1998


We are currently seeing about 2 mb/s of the following traffic from
131.123.16.54 (membrane.kent.edu). 

.Dec 14 00:12:13: IP: s=131.123.16.54 (ATM0), d=209.123.11.189 (Hssi0), len 1028, access denied
.Dec 14 00:12:13:     UDP src=11570, dst=79

.Dec 14 00:12:13: IP: s=131.123.16.54 (ATM0), d=209.123.11.189 (Hssi0), len 1028, access denied
.Dec 14 00:12:13:     UDP src=11570, dst=79


It is unlikely that a Cisco 7206 is sending 2 mb/s of finger requests to
this box, so I am assuming they are spoofing at least the port.

Has anyone else seen this?




-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
     Atheism is a non-prophet organization. I route, therefore I am.
       Alex Rubenstein, alex at nac.net, KC2BUO, ISP/C Charter Member
               Father of the Network and Head Bottle-Washer
     Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
 Don't choose a spineless ISP; we have more backbone!  http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --





More information about the NANOG mailing list