[46953] in North American Network Operators' Group
Re: New DoS attack affecting small NAT devices?
daemon@ATHENA.MIT.EDU (mike harrison)
Thu Apr 18 21:39:35 2002
Date: Thu, 18 Apr 2002 21:38:51 -0400 (EDT)
From: mike harrison <meuon@highertech.net>
To: Donn Lasher <dlasher@clearskynet.net>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <5.1.0.14.2.20020418090548.00b6b408@mail.clearskynet.net>
Message-ID: <Pine.LNX.4.10.10204182135420.3309-100000@home.highertech.net>
> Starting Tuesday night, we started getting complaints from customers in a
> specific net block of our network, all of whom were running small
> "personal" firewalls (Netgear, linksys etc) about:

Someone on that network is scanning/flooding it hard... probably from
a hacked box spoofing IPs. Last one I had was a Linux boxen
with a 'udp.pl' running from a pseudo-root account. As it was
not actually making connections, many of the traffic/monitoring tools
had a hard time identifying it. We found it using ntop (ntop.org)
and the packet stats on the ethernet switches.
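
The approach described in the reply above, keying on switch-port packet counters when connection-based tools see nothing, sketched as an added example that is not part of the original post. It compares two constructed counter snapshots and flags ports whose attached host sends far more packets than its peers while getting almost nothing back; the counter names, thresholds and sample values are assumptions.

```python
from statistics import median

WRAP = 2**32       # assumption: 32-bit packet/octet counters that can wrap
INTERVAL_S = 60    # seconds between the two snapshots

# Constructed sample data: per-port counters as read from a switch.
# "in" = frames the switch received from the attached host.
SNAP_T0 = {
    "port1": {"in_pkts": 1_000_000, "in_octets": 800_000_000, "out_pkts": 1_200_000},
    "port2": {"in_pkts": 5_000_000, "in_octets": 900_000_000, "out_pkts": 6_000_000},
    "port3": {"in_pkts": 4_294_000_000, "in_octets": 100_000_000, "out_pkts": 50_000},
    "port4": {"in_pkts": 20_000, "in_octets": 2_000_000, "out_pkts": 30_000},
}
SNAP_T1 = {
    "port1": {"in_pkts": 1_030_000, "in_octets": 824_000_000, "out_pkts": 1_236_000},
    "port2": {"in_pkts": 5_120_000, "in_octets": 1_020_000_000, "out_pkts": 6_150_000},
    # port3's packet counter wrapped past 2**32 during the interval
    "port3": {"in_pkts": 2_032_704, "in_octets": 292_000_000, "out_pkts": 50_600},
    "port4": {"in_pkts": 20_600, "in_octets": 2_060_000, "out_pkts": 30_900},
}

def port_rates(t0, t1, interval_s):
    """Per-port rates between two snapshots, tolerating one counter wrap."""
    rates = {}
    for port, old in t0.items():
        new = t1[port]
        d = {k: (new[k] - old[k]) % WRAP for k in old}
        in_pkts = d["in_pkts"]
        rates[port] = {
            "in_pps": in_pkts / interval_s,
            "avg_in_size": d["in_octets"] / in_pkts if in_pkts else 0.0,
            # Spoofed traffic draws no replies back to the sender's port,
            # so a flooding host looks almost purely one-way.
            "in_out_ratio": in_pkts / max(d["out_pkts"], 1),
        }
    return rates

def suspect_ports(rates, pps_factor=10, ratio_min=20):
    """Ports sending well above the median rate with near one-way traffic."""
    baseline = max(median(r["in_pps"] for r in rates.values()), 1)
    return sorted(
        port for port, r in rates.items()
        if r["in_pps"] > pps_factor * baseline and r["in_out_ratio"] >= ratio_min
    )

if __name__ == "__main__":
    rates = port_rates(SNAP_T0, SNAP_T1, INTERVAL_S)
    for port in suspect_ports(rates):
        print(port, rates[port])
```

Because the counters are per physical port, the result does not depend on the source addresses in the packets, which is why it still works when those are spoofed.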