Re: Tracing where it started

2003-01-26 Thread Johannes Ullrich
+-+ | 216.069.032.086 | Kentucky Community and Technical College System | 066.223.041.231 | Interland | 216.066.011.120 | Hurricane Electric | 216.098.178.081 | V-Span, Inc. +-+ HE.net seems to be a reoccurring theme. (I speak to evil of them --

Tracing where it started

2003-01-25 Thread Phil Rosenthal
Hello, It might be interesting if some people were to post when they received their first attack packet, and where it came from, if they happened to be logging. Here is the first packet we logged: Jan 25 00:29:37 EST 216.66.11.120 --Phil ISPrime

Re: Tracing where it started

2003-01-25 Thread Clayton Fiske
On Sat, Jan 25, 2003 at 06:58:46AM -0500, Phil Rosenthal wrote: It might be interesting if some people were to post when they received their first attack packet, and where it came from, if they happened to be logging. Here is the first packet we logged: Jan 25 00:29:37 EST 216.66.11.120

Re: Tracing where it started

2003-01-25 Thread Pete Ashdown
* Clayton Fiske ([EMAIL PROTECTED]) [030125 12:55] writeth: On Sat, Jan 25, 2003 at 06:58:46AM -0500, Phil Rosenthal wrote: It might be interesting if some people were to post when they received their first attack packet, and where it came from, if they happened to be logging. Here is the

Re: Tracing where it started

2003-01-25 Thread Pete Ashdown
It might be interesting if some people were to post when they received their first attack packet, and where it came from, if they happened to be logging. Here is the first packet we logged: Jan 25 00:29:37 EST 216.66.11.120 A quick followup to my previous message. I found an earlier attempt

Re: Tracing where it started

2003-01-25 Thread Travis Pugh
According to Clayton Fiske: Interestingly, looking through my logs for UDP 1434, I saw a sequential scan of my subnet like so: Jan 16 08:15:51 206.176.210.74,53 - x.x.x.1,1434 PR udp len 20 33 IN Jan 16 08:15:51 206.176.210.74,53 - x.x.x.2,1434 PR udp len 20 33 IN Jan 16 08:15:51

Re: Tracing where it started

2003-01-25 Thread Alex Rubenstein
Our first (this is EST): Jan 25 00:29:44 external.firewall1.oct.nac.net firewalld[109]: deny in eth0 404 udp 20 114 61.103.121.140 66.246.x.x 3546 14 34 (default) 61.103.121.140 = a host somewhere on GBLX On Sat, 25 Jan 2003, Pete Ashdown wrote: * Clayton Fiske ([EMAIL PROTECTED])

Re: Tracing where it started

2003-01-25 Thread Johannes Ullrich
Here are the IPs I got at 5:29:40 GMT, the time I got 10 packets / second +-+ | source | +-+ | 216.069.032.086 | Kentucky Community and Technical College System | 066.223.041.231 | Interland | 216.066.011.120 | Hurricane Electric | 216.098.178.081 |

Re: Tracing where it started

2003-01-25 Thread E.B. Dreger
PR Date: Sat, 25 Jan 2003 06:58:46 -0500 PR From: Phil Rosenthal PR It might be interesting if some people were to post when they PR received their first attack packet, and where it came from, PR if they happened to be logging. I agree, except such high flow rates make even millisecond-scale

Re: Tracing where it started

2003-01-25 Thread Jeffrey I. Schiller
Here is what we saw at MIT (names are subnets). These are the times when the flooding started to cause us problems. sloan 00:31:36 oc1-t1 00:32:07 nox-link 00:32:37 extr2-bb 00:33:13 All are EST. The numbers are accurate to *at best* a minute because of the delay before the Noc is

Re: Tracing where it started

2003-01-25 Thread Daniel Senie
At 05:52 PM 1/25/2003, you wrote: Our first (this is EST): Jan 25 00:29:44 external.firewall1.oct.nac.net firewalld[109]: deny in eth0 404 udp 20 114 61.103.121.140 66.246.x.x 3546 14 34 (default) 61.103.121.140 = a host somewhere on GBLX Our first ones came from: 1. L(3) space, swip'd

Re: Tracing where it started

2003-01-25 Thread Brian Coyle
On Saturday 25 January 2003 17:32, Travis Pugh wrote: [snip] Ditto on the sequential scan well before the actual action, except that mine came on Jan. 19th: Jan 19 10:59:11 Deny inbound UDP from 67.8.33.179/1 to xxx.xxx.xxx.xxx I have a

Re: Tracing where it started

2003-01-25 Thread Alex Rubenstein
+-+ | 216.069.032.086 | Kentucky Community and Technical College System | 066.223.041.231 | Interland | 216.066.011.120 | Hurricane Electric | 216.098.178.081 | V-Span, Inc. +-+ HE.net seems to be a reoccurring theme. (I speak to evil of them --