Internet Connectivity

• Previous message (by thread): Internet Connectivity
• Next message (by thread): Internet Connectivity
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ahh then you have one of the new wormy things that scans aggressively for easy 
accounts on ssh. find src host and disinfect.

Steve

On Fri, 1 Oct 2004, Jack Vizelter wrote:

> 
> Investigation is still ongoing, but from what they can tell, majority of
> the attempted connections have been going over TCP port 22.
> 
> -jack 
> 
> -----Original Message-----
> From: Josh Duffek [mailto:consultantjd16 at ridemetro.org] 
> Sent: Friday, October 01, 2004 11:05 AM
> To: Jack Vizelter; nanog at merit.edu
> Subject: RE: Internet Connectivity
> 
> Did you run a sniffer to get an idea of what all the traffic is?
> Curious what, if any, port(s) are being flooded.
> 
> J
> 
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> Jack Vizelter
> Sent: Friday, October 01, 2004 9:56 AM
> To: nanog at merit.edu
> Subject: Internet Connectivity
> 
> 
> We had several machines start spewing huge amounts of data causing our
> pipe to the public Internet to stop.  We had no traffic coming in or out
> of the campus.  We're unsure of whether it's virus related, but wanted
> to inquire if anyone else has heard of or came across something similar.
> It appears to be an DDOS attack, but, originating from the inside.  This
> started last night at about 10pm EST.
> 
> Thanks,
> -jack
> 

• Previous message (by thread): Internet Connectivity
• Next message (by thread): Internet Connectivity
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]