[nsp-sec] Anyone else seeing a HUGE increase in TCP/1935 from Limelight Networks
John Fraizer
john at op-sec.us
Tue Jun 17 08:53:11 EDT 2008
Definitely progress. :)
The best part of the day on Monday was being able to tell the pointy-heads that Tiger Woods was responsible for the 3Gb/s DDoS on the network. :) The "incident" went a long way towards getting me the deep packet inspection capabilities I want as well. :)
John
Rob Thomas wrote:
> ----------- nsp-security Confidential --------
>
> Isn't it great that A) people actually noticed this increase, and B) we
> have a forum in which bright minds can discuss it and figure out the
> root cause? That wasn't the case a few short years ago.
>
> Progress++ :)
>
>
>
> Dave Burke wrote:
>> We saw a 10x increase in tcp/1935 this morning and seeing it drop back
>> to normal levels now. Traffic to/from the limelight /18 was @ normal
>> levels during that time.
>>
>> dave
>>
>> Sean Donelan wrote:
>>> On Mon, 16 Jun 2008, John Fraizer wrote:
>>>> We've suddenly (since about 1600 GMT today) seen a huge increase in
>>>> inbound traffic - a very unnatural curve on our graphs. I have
>>>> tracked this via flows to a large influx of traffic from Limelight
>>>> networks.
>>> The PGA final round is this afternoon. Could this be a streaming event?
>>
>>> TCP/1935 Adobe Macromedia Flash Real Time Messaging Protocol (RTMP)
>>> "plain" protocol
>>
>>> Are you seeing it decrease now? Tiger won.
>>
>>
>>
>>
>>> _______________________________________________
>>> nsp-security mailing list
>>> nsp-security at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>>> community. Confidentiality is essential for effective Internet security
>>> counter-measures.
>>> _______________________________________________