Internet Connectivity
Stephen J. Wilcox
steve at telecomplete.co.uk
Fri Oct 1 15:32:14 UTC 2004
ahh then you have one of the new wormy things that scans aggressively for easy
accounts on ssh. find src host and disinfect.
Steve
On Fri, 1 Oct 2004, Jack Vizelter wrote:
>
> Investigation is still ongoing, but from what they can tell, majority of
> the attempted connections have been going over TCP port 22.
>
> -jack
>
> -----Original Message-----
> From: Josh Duffek [mailto:consultantjd16 at ridemetro.org]
> Sent: Friday, October 01, 2004 11:05 AM
> To: Jack Vizelter; nanog at merit.edu
> Subject: RE: Internet Connectivity
>
> Did you run a sniffer to get an idea of what all the traffic is?
> Curious what, if any, port(s) are being flooded.
>
> J
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> Jack Vizelter
> Sent: Friday, October 01, 2004 9:56 AM
> To: nanog at merit.edu
> Subject: Internet Connectivity
>
>
> We had several machines start spewing huge amounts of data causing our
> pipe to the public Internet to stop. We had no traffic coming in or out
> of the campus. We're unsure of whether it's virus related, but wanted
> to inquire if anyone else has heard of or came across something similar.
> It appears to be an DDOS attack, but, originating from the inside. This
> started last night at about 10pm EST.
>
> Thanks,
> -jack
>
More information about the NANOG
mailing list