RE: Internet Connectivity

2004-10-01 Thread Jack Vizelter

Investigation is still ongoing, but from what they can tell, the majority of
the attempted connections have been going over TCP port 22.

-jack 

-----Original Message-----
From: Josh Duffek [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 01, 2004 11:05 AM
To: Jack Vizelter; [EMAIL PROTECTED]
Subject: RE: Internet Connectivity

Did you run a sniffer to get an idea of what all the traffic is?
Curious what, if any, port(s) are being flooded.

J

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jack Vizelter
Sent: Friday, October 01, 2004 9:56 AM
To: [EMAIL PROTECTED]
Subject: Internet Connectivity


We had several machines start spewing huge amounts of data causing our
pipe to the public Internet to stop.  We had no traffic coming in or out
of the campus.  We're unsure of whether it's virus related, but wanted
to inquire if anyone else has heard of or come across something similar.
It appears to be a DDOS attack, but, originating from the inside.  This
started last night at about 10pm EST.

Thanks,
-jack


RE: Internet Connectivity

2004-10-01 Thread Stephen J. Wilcox

ahh then you have one of the new wormy things that scans aggressively for easy 
accounts on ssh. find src host and disinfect.

Steve

On Fri, 1 Oct 2004, Jack Vizelter wrote:

 
> Investigation is still ongoing, but from what they can tell, the majority of
> the attempted connections have been going over TCP port 22.
>
> -jack
>
> -----Original Message-----
> From: Josh Duffek [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 01, 2004 11:05 AM
> To: Jack Vizelter; [EMAIL PROTECTED]
> Subject: RE: Internet Connectivity
>
> Did you run a sniffer to get an idea of what all the traffic is?
> Curious what, if any, port(s) are being flooded.
>
> J
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Jack Vizelter
> Sent: Friday, October 01, 2004 9:56 AM
> To: [EMAIL PROTECTED]
> Subject: Internet Connectivity
>
>
> We had several machines start spewing huge amounts of data causing our
> pipe to the public Internet to stop.  We had no traffic coming in or out
> of the campus.  We're unsure of whether it's virus related, but wanted
> to inquire if anyone else has heard of or come across something similar.
> It appears to be a DDOS attack, but, originating from the inside.  This
> started last night at about 10pm EST.
>
> Thanks,
> -jack
 



Re: Internet Connectivity

2004-10-01 Thread james edwards

> Investigation is still ongoing, but from what they can tell, the majority of
> the attempted connections have been going over TCP port 22.
>
> -jack

Aggressive SSH scans have been well reported on the internet in the last
month or so.


James H. Edwards
Routing and Security Administrator
At the Santa Fe Office: Internet at Cyber Mesa
[EMAIL PROTECTED]  [EMAIL PROTECTED]
http://www.cybermesa.com/ContactCM
(505) 795-7101





RE: Internet Connectivity

2004-10-01 Thread Fergie (Paul Ferguson)


Also see the DShield "Are you cracked?" frob:

 http://www.dshield.org/warning_explanation.php

- ferg


-- Stephen J. Wilcox [EMAIL PROTECTED] wrote:

ahh then you have one of the new wormy things that scans aggressively
for easy accounts on ssh. find src host and disinfect.

Steve

On Fri, 1 Oct 2004, Jack Vizelter wrote:

 
> Investigation is still ongoing, but from what they can tell, the majority of
> the attempted connections have been going over TCP port 22.
>
> -jack
 


--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or
 [EMAIL PROTECTED]
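
Added example, not part of the thread: one way to carry out the "find src host" step suggested above, by ranking campus hosts on how many distinct outside addresses they tried on TCP port 22. The flow-record layout ("src dst dport proto"), the campus prefix 10.20.0.0/16, the threshold and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

CAMPUS = ipaddress.ip_network("10.20.0.0/16")  # assumed campus prefix

def sample_flows():
    """Constructed flow records: 'src dst dport proto' (not real data)."""
    flows = []
    for net in ("192.0.2", "198.51.100", "203.0.113"):
        for host in range(1, 101):            # one host sweeping 300 targets
            flows.append(f"10.20.5.17 {net}.{host} 22 tcp")
    for host in range(1, 61):                 # second host, each target tried twice
        flows += [f"10.20.9.40 192.0.2.{host} 22 tcp"] * 2
    flows += [
        "10.20.1.5 198.51.100.10 22 tcp",     # ordinary admin SSH sessions
        "10.20.1.5 198.51.100.11 22 tcp",
        "10.20.5.17 203.0.113.80 80 tcp",     # not port 22, ignored
        "203.0.113.9 10.20.1.5 22 tcp",       # inbound, ignored
        "garbage line",                       # malformed, ignored
    ]
    return flows

def ssh_scanners(lines, campus=CAMPUS, port=22, min_targets=50):
    """Return [(src, distinct_outside_targets, attempts)] for campus hosts
    whose outbound fan-out on `port` reaches min_targets, widest first."""
    targets = defaultdict(set)
    attempts = defaultdict(int)
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            dport = int(fields[2])
        except ValueError:
            continue                          # skip unparseable records
        if fields[3] != "tcp" or dport != port:
            continue
        if src not in campus or dst in campus:
            continue                          # only campus -> outside traffic
        targets[str(src)].add(dst)
        attempts[str(src)] += 1
    hits = [(s, len(t), attempts[s]) for s, t in targets.items()
            if len(t) >= min_targets]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    for src, distinct, tries in ssh_scanners(sample_flows()):
        print(f"{src}: {distinct} distinct targets, {tries} attempts on TCP/22")
```

Distinct-destination count separates a scanner from a busy but legitimate SSH client better than raw connection count does; the threshold needs tuning against normal traffic on the network in question.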