DDoS traffic

Matthew Sullivan matthew at sorbs.net
Fri Aug 22 11:04:14 UTC 2003


Hi All,

My apologies if this is against the group topic (and someone please let 
me know so I will not post again if I come to the same position)...

Is there a member of Comcast Abuse here...

For some time now a host has been attempting to DoS (as part of a larger 
DDoS) one of my machines.  I have a reporting script that has now been 
running for at least 24 hours with no change in the traffic (even Kornet 
has cleaned up their reported hosts)...

Sample from a few minutes ago:
21:02:42.538809 24.98.155.201.4002 > 203.15.51.44.3995: udp 1015
21:02:42.640085 24.98.155.201.4002 > 203.15.51.44.3995: udp 1022
21:02:42.777978 24.98.155.201.4002 > 203.15.51.44.8864: udp 1019
21:02:42.854118 24.98.155.201.4002 > 203.15.51.44.12814: udp 1018
21:02:42.971654 24.98.155.201.4002 > 203.15.51.44.12814: udp 1019
21:02:43.082695 24.98.155.201.4002 > 203.15.51.44.31305: udp 1017
21:02:43.215009 24.98.155.201.4002 > 203.15.51.44.31305: udp 1019
21:02:43.307266 24.98.155.201.4002 > 203.15.51.44.25940: udp 1023
21:02:43.419239 24.98.155.201.4002 > 203.15.51.44.13263: udp 1022
21:02:43.503134 24.98.155.201.4002 > 203.15.51.44.13263: udp 1017
21:02:43.650252 24.98.155.201.4002 > 203.15.51.44.26162: udp 1018
21:02:43.711223 24.98.155.201.4002 > 203.15.51.44.25159: udp 1015
21:02:43.843544 24.98.155.201.4002 > 203.15.51.44.25159: udp 1017
21:02:43.964055 24.98.155.201.4002 > 203.15.51.44.4333: udp 1023
21:02:44.049052 24.98.155.201.4002 > 203.15.51.44.4333: udp 1020
21:02:44.180422 24.98.155.201.4002 > 203.15.51.44.28683: udp 1023

Thank you.
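
Added example, not part of the original post and not the poster's reporting script: one way to turn tcpdump-style UDP lines like the sample above into per-source figures (packet count, bytes, distinct destination ports, approximate rate) for an abuse report. The function and variable names are hypothetical, and it assumes the capture does not cross midnight, since the lines carry no date.

```python
import re
from collections import defaultdict

# Classic tcpdump UDP line: "HH:MM:SS.usec src.sport > dst.dport: udp LEN"
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d{6}) "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): udp (\d+)$"
)

# First five lines of the sample in the post above.
SAMPLE = """\
21:02:42.538809 24.98.155.201.4002 > 203.15.51.44.3995: udp 1015
21:02:42.640085 24.98.155.201.4002 > 203.15.51.44.3995: udp 1022
21:02:42.777978 24.98.155.201.4002 > 203.15.51.44.8864: udp 1019
21:02:42.854118 24.98.155.201.4002 > 203.15.51.44.12814: udp 1018
21:02:42.971654 24.98.155.201.4002 > 203.15.51.44.12814: udp 1019
"""

def summarize(text):
    """Return {(src, dst): stats} for every UDP source/destination pair in text."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "dports": set(),
                                 "first": None, "last": None})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip non-UDP or malformed lines
        h, mi, s, us, src, _sport, dst, dport, length = m.groups()
        # Seconds since midnight (assumption: capture stays within one day).
        ts = int(h) * 3600 + int(mi) * 60 + int(s) + int(us) / 1e6
        f = flows[(src, dst)]
        f["packets"] += 1
        f["bytes"] += int(length)          # length as printed by tcpdump
        f["dports"].add(int(dport))
        f["first"] = ts if f["first"] is None else f["first"]
        f["last"] = ts
    for f in flows.values():
        span = f["last"] - f["first"]
        # A rate needs at least two packets; report None instead of dividing by zero.
        f["pps"] = round((f["packets"] - 1) / span, 1) if span > 0 else None
    return dict(flows)

if __name__ == "__main__":
    for (src, dst), f in summarize(SAMPLE).items():
        print(f"{src} -> {dst}: {f['packets']} pkts, {f['bytes']} bytes, "
              f"{len(f['dports'])} dst ports, ~{f['pps']} pps")
```
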



