[48034] in North American Network Operators' Group
DoS on ftp port
daemon@ATHENA.MIT.EDU (Brian Wilson)
Tue May 21 09:27:33 2002
Date: Tue, 21 May 2002 08:27:02 -0500 (CDT)
From: Brian Wilson <wilson@unity.ncsu.edu>
To: nanog@merit.edu
Message-ID: <Pine.LNX.4.21.0205210826470.28771-100000@pound.ifndef.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
Just wondering if anyone else has seen this happen recently:
https://uni01nf.unity.ncsu.edu/ncsu/usage/io-fps-service-daily.html
We maxed out at about 10,000 flows/sec. I'm currently going back through
our argus logs and collecting a list of source hosts (all appear to be
spoofed of course). In a 15 minute period we had 4.2 million unique hosts
pounding one of our servers.
The only reason I post this is that on some other off-campus machines I
maintain, I've seen an increase in ftp connections. So, I was wondering
if this is some new worm, ddos, or something of that nature. If anyone
would care to comment, I'm all ears.
Brian
--
Brian Wilson wilson@ncsu.edu
Network Analyst W: 919.513.3472
Communication Technologies F: 919.513.1893
North Carolina State University http://www.ncstate.net
