[nsp-sec] Anyone else seeing a HUGE increase in TCP/1935 from Limelight Networks
John Fraizer
john at op-sec.us
Mon Jun 16 16:33:24 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sean Donelan wrote:
> On Mon, 16 Jun 2008, John Fraizer wrote:
>> We've suddenly (since about 1600 GMT today) seen a huge increase in
>> inbound traffic - a very unnatural curve on our graphs. I have
>> tracked this via flows to a large influx
>> of traffic from Limelight networks.
>
> The PGA final round is this afternoon. Could this be a streaming event?
>
> TCP/1935 Adobe Macromedia Flash Real Time Messaging Protocol (RTMP)
> "plain" protocol
>
> Are you seeing it decrease now. Tiger won.
>
That almost certainly has to be what this was then. As soon as I nuked TCP/1935, it shifted to TCP/80 which RTMP will do...
John
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org
iD8DBQFIVs4U+16lRpJszIgRAjy2AJ0X52cfABQ1hAZhUzBviTi7cdT8lQCfbd/j
mr29UzgLhZLn1IJh99/6ucE=
=3xC+
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list