[53756] in North American Network Operators' Group
Odd DDoS, anyone else seen this?
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Mon Nov 25 08:03:46 2002
Date: Mon, 25 Nov 2002 13:02:04 +0000 (GMT)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Hi,
we had a large DDoS over the weekend, I wondered if anyone else has seen this
and knows what software is behind it.
We saw many hundred thousand packets per second entering our network from
various international peers, each packet was tcp destined to a single real end
user IP address and sourced from a /16 network address eg 61.254.0.0, where the
src was random and different on each packet but always x.x.0.0
I was unable to find out more about the data within the packet, the sheer volume
made diagnosis impossible without killing the routers.
Steve
