[nsp-sec] Anyone else seeing a HUGE increase in TCP/1935 from Limelight Networks

[Rob Thomas]

Isn't it great that A) people actually noticed this increase, and B) we 
have a forum in which bright minds can discuss it and figure out the 
root cause?  That wasn't the case a few short years ago.

Progress++  :)



Dave Burke wrote:
> ----------- nsp-security Confidential --------
> 
> We saw a 10x increase in tcp/1935 this morning and seeing it drop back
> to normal levels now. Traffic to/from the limelight /18 was @ normal
> levels during that time.
> 
> dave
> 
> Sean Donelan wrote:
>> ----------- nsp-security Confidential --------
> 
>> On Mon, 16 Jun 2008, John Fraizer wrote:
>>> We've suddenly (since about 1600 GMT today) seen a huge increase in inbound traffic - a very unnatural curve on our graphs.  I have tracked this via flows to a large influx
>>> of traffic from Limelight networks.
>> The PGA final round is this afternoon.  Could this be a streaming event?
> 
>> TCP/1935 Adobe Macromedia Flash Real Time Messaging Protocol (RTMP)
>>     "plain" protocol
> 
>> Are you seeing it decrease now.  Tiger won.
> 
> 
> 
> 
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
> 
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>> community. Confidentiality is essential for effective Internet security counter-measures.
>> _______________________________________________

_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security 
counter-measures.
_______________________________________________

-- 
Rob Thomas
Team Cymru
The WHO and WHY team
http://www.team-cymru.org/