20 Jul
2015
20 Jul
'15
2:49 p.m.
On 20 Jul 2015, at 18:12, Drew Weaver wrote:
Ah, alright. I've seen the "general" amplification attacks SNMP/DNS/NTP/you name it, plenty but this is the first one I've ever seen one that targeted 1720/5060 and as its mitigated in one place it keeps moving from dst to dst fairly rapidly until none of the dst ips are available.
What source ports and breadth of purported source IPs? I'm not sure this is reflection/amplification attack, it may be a straight packeting of H.323 systems. ----------------------------------- Roland Dobbins <rdobbins@arbor.net>