[74544] in North American Network Operators' Group
RE: Internet Connectivity
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Fri Oct 1 11:37:14 2004
Date: Fri, 1 Oct 2004 16:32:14 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Jack Vizelter <jack@mail.rockefeller.edu>
Cc: Josh Duffek <consultantjd16@ridemetro.org>, <nanog@merit.edu>
In-Reply-To: <B2DED7F69C64DC4C91D7860F550C20A02B8CE2@PEGASUS.rockefeller.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Ahh, then you have one of the new wormy things that scans aggressively for easy
accounts on SSH. Find src host and disinfect.
Steve
On Fri, 1 Oct 2004, Jack Vizelter wrote:
>
> Investigation is still ongoing, but from what they can tell, the majority of
> the attempted connections have been going over TCP port 22.
>
> -jack
>
> -----Original Message-----
> From: Josh Duffek [mailto:consultantjd16@ridemetro.org]
> Sent: Friday, October 01, 2004 11:05 AM
> To: Jack Vizelter; nanog@merit.edu
> Subject: RE: Internet Connectivity
>
> Did you run a sniffer to get an idea of what all the traffic is?
> Curious what, if any, port(s) are being flooded.
>
> J
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
> Jack Vizelter
> Sent: Friday, October 01, 2004 9:56 AM
> To: nanog@merit.edu
> Subject: Internet Connectivity
>
>
> We had several machines start spewing huge amounts of data causing our
> pipe to the public Internet to stop. We had no traffic coming in or out
> of the campus. We're unsure of whether it's virus related, but wanted
> to inquire if anyone else has heard of or come across something similar.
> It appears to be a DDoS attack, but originating from the inside. This
> started last night at about 10pm EST.
>
> Thanks,
> -jack
>
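
One way to carry out the "find src host" step from border flow records, as an added example that is not part of the original thread: it flags internal hosts that contact many distinct external addresses on TCP port 22 within one time window. The flow line format, the 10.0.0.0/8 campus range, the 60-second window and the threshold of 20 are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: this RFC 1918 range stands in for the campus address space.
INTERNAL = ip_network("10.0.0.0/8")
SSH_PORT = 22

def parse_flow(line):
    """Parse 'epoch src dst dport proto bytes' (assumed whitespace-separated format)."""
    ts, src, dst, dport, proto, nbytes = line.split()
    return int(ts), ip_address(src), ip_address(dst), int(dport), proto, int(nbytes)

def ssh_scanners(lines, window=60, threshold=20):
    """Return {src: peak count of distinct external TCP/22 targets in one window}."""
    buckets = defaultdict(set)  # (src, window index) -> external destinations seen
    for line in lines:
        try:
            ts, src, dst, dport, proto, _ = parse_flow(line)
        except ValueError:
            continue  # blank or malformed record: skip it, keep processing
        if proto != "tcp" or dport != SSH_PORT:
            continue  # only outbound SSH attempts are of interest here
        if src not in INTERNAL or dst in INTERNAL:
            continue  # keep internal -> external flows crossing the border link
        buckets[(src, ts // window)].add(dst)
    worst = defaultdict(int)
    for (src, _), dsts in buckets.items():
        worst[src] = max(worst[src], len(dsts))
    return {str(s): n for s, n in worst.items() if n >= threshold}

def sample_flows():
    """Constructed records: one scanner, one admin, one web client, LAN-only SSH."""
    base = 1200000  # constructed timestamp, aligned to a 60 s window
    flows = [f"{base + i} 10.1.2.3 198.51.100.{i + 1} 22 tcp 60" for i in range(30)]
    flows += [f"{base + i} 10.1.2.4 203.0.113.{i + 5} 22 tcp 4200" for i in range(2)]
    flows += [f"{base + i} 10.1.2.5 192.0.2.{i + 1} 80 tcp 900" for i in range(40)]
    flows += [f"{base + i} 10.1.2.6 10.9.9.{i + 1} 22 tcp 60" for i in range(25)]
    flows.append("truncated record")  # malformed line that must be ignored
    return flows

if __name__ == "__main__":
    for host, n in sorted(ssh_scanners(sample_flows()).items()):
        print(f"{host}: {n} distinct external SSH targets in one window")
```

Counting distinct destinations per window rather than bytes or flows keeps a host that makes a few long interactive SSH sessions below the threshold.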