North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Internet Connectivity

  • From: Stephen J. Wilcox
  • Date: Fri Oct 01 11:38:56 2004

ahh then you have one of the new wormy things that scans aggressively for easy 
accounts on ssh. find src host and disinfect.

Steve

On Fri, 1 Oct 2004, Jack Vizelter wrote:

> 
> Investigation is still ongoing, but from what they can tell, majority of
> the attempted connections have been going over TCP port 22.
> 
> -jack 
> 
> -----Original Message-----
> From: Josh Duffek [mailto:[email protected]] 
> Sent: Friday, October 01, 2004 11:05 AM
> To: Jack Vizelter; [email protected]
> Subject: RE: Internet Connectivity
> 
> Did you run a sniffer to get an idea of what all the traffic is?
> Curious what, if any, port(s) are being flooded.
> 
> J
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Jack Vizelter
> Sent: Friday, October 01, 2004 9:56 AM
> To: [email protected]
> Subject: Internet Connectivity
> 
> 
> We had several machines start spewing huge amounts of data causing our
> pipe to the public Internet to stop.  We had no traffic coming in or out
> of the campus.  We're unsure of whether it's virus related, but wanted
> to inquire if anyone else has heard of or came across something similar.
> It appears to be an DDOS attack, but, originating from the inside.  This
> started last night at about 10pm EST.
> 
> Thanks,
> -jack
>