[74542] in North American Network Operators' Group
RE: Internet Connectivity
daemon@ATHENA.MIT.EDU (Jack Vizelter)
Fri Oct 1 11:27:22 2004
Date: Fri, 1 Oct 2004 11:26:50 -0400
From: "Jack Vizelter" <jack@mail.rockefeller.edu>
To: "Josh Duffek" <consultantjd16@ridemetro.org>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Investigation is still ongoing, but from what they can tell, majority of
the attempted connections have been going over TCP port 22.
-jack=20
-----Original Message-----
From: Josh Duffek [mailto:consultantjd16@ridemetro.org]=20
Sent: Friday, October 01, 2004 11:05 AM
To: Jack Vizelter; nanog@merit.edu
Subject: RE: Internet Connectivity
Did you run a sniffer to get an idea of what all the traffic is?
Curious what, if any, port(s) are being flooded.
J
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Jack Vizelter
Sent: Friday, October 01, 2004 9:56 AM
To: nanog@merit.edu
Subject: Internet Connectivity
We had several machines start spewing huge amounts of data causing our
pipe to the public Internet to stop. We had no traffic coming in or out
of the campus. We're unsure of whether it's virus related, but wanted
to inquire if anyone else has heard of or came across something similar.
It appears to be an DDOS attack, but, originating from the inside. This
started last night at about 10pm EST.
Thanks,
-jack
