[122676] in North American Network Operators' Group


New botnet launch?

daemon@ATHENA.MIT.EDU (Drew Weaver)
Fri Feb 19 09:36:43 2010

From: Drew Weaver <drew.weaver@thenap.com>
To: "'nanog@nanog.org'" <nanog@nanog.org>
Date: Fri, 19 Feb 2010 09:33:28 -0500
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

All,

We noticed at around midnight for a brief period of time and around 6AM EST for an extended period that several hosted customer servers (4 completely different customers) launched quite a campaign doing 100Mbps during these times (on 100Mbps ports).

The thing I find 'suspicious' is that all of the machines' connected interfaces said they were sending out 200Mbps (on 100Mbps links) and that they all had the same exact traffic profile (MRTG, etc).

5 minute input rate 213353000 bits/sec, 18516 packets/sec
  5 minute output rate 583000 bits/sec, 855 packets/sec

Anyone else see this or am I just very lucky?

thanks,
-Drew


