[22199] in North American Network Operators' Group
** nac.net UNDER ATTACK
daemon@ATHENA.MIT.EDU (alex@nac.net)
Mon Dec 14 00:45:29 1998
From: alex@nac.net
Date: Mon, 14 Dec 1998 00:21:17 -0500 (EST)
To: nanog@merit.edu
We are currently seeing about 2 mb/s of the following traffic from
131.123.16.54 (membrane.kent.edu).
.Dec 14 00:12:13: IP: s=131.123.16.54 (ATM0), d=209.123.11.189 (Hssi0), len 1028, access denied
.Dec 14 00:12:13: UDP src=11570, dst=79
.Dec 14 00:12:13: IP: s=131.123.16.54 (ATM0), d=209.123.11.189 (Hssi0), len 1028, access denied
.Dec 14 00:12:13: UDP src=11570, dst=79
It is unlikely that a Cisco 7206 is sending 2 mb/s of finger requests to
this box, so I am assuming they are spoofing at least the port.
Has anyone else seen this?
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Atheism is a non-prophet organization. I route, therefore I am.
Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member
Father of the Network and Head Bottle-Washer
Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
Don't choose a spineless ISP; we have more backbone! http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
