ahh then you have one of the new wormy things that scans aggressively for easy accounts on ssh. find src host and disinfect. Steve On Fri, 1 Oct 2004, Jack Vizelter wrote:
Investigation is still ongoing, but from what they can tell, majority of the attempted connections have been going over TCP port 22.
-jack
-----Original Message----- From: Josh Duffek [mailto:consultantjd16@ridemetro.org] Sent: Friday, October 01, 2004 11:05 AM To: Jack Vizelter; nanog@merit.edu Subject: RE: Internet Connectivity
Did you run a sniffer to get an idea of what all the traffic is? Curious what, if any, port(s) are being flooded.
J
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Jack Vizelter Sent: Friday, October 01, 2004 9:56 AM To: nanog@merit.edu Subject: Internet Connectivity
We had several machines start spewing huge amounts of data causing our pipe to the public Internet to stop. We had no traffic coming in or out of the campus. We're unsure of whether it's virus related, but wanted to inquire if anyone else has heard of or came across something similar. It appears to be an DDOS attack, but, originating from the inside. This started last night at about 10pm EST.
Thanks, -jack