[nsp-sec] Question on attack flow quantitiy
Young Wes
wcyoung at buffalo.edu
Wed Oct 29 09:35:40 EDT 2008
We saw a slight uptick in UDP traffic yesterday around 16:30 EDT via
I1, nothing consistent as you describe though... Lasted about an hour
or so. Didn't hit the 150k mark, but came close.
Are you able to narrow it down to a specific protocol? What is your
avg PacketsPerSecond vs "now" (in comparison to the number of flows)?
On Oct 29, 2008, at 9:16 AM, Joel Rosenblatt wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> We have been seeing big spikes in our external attack flows (see
> graph - it is the last 24 hours) - we typically see about 50k flows
> per 5 minute interval - we have been seeing upward of 150k for the
> last few days.
>
> The vectors are spread around over lots of attack ports.
>
> Is everyone else seeing this, or do I have a big target painted on
> me somewhere?
>
> Thanks,
> Joel
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
> security
> community. Confidentiality is essential for effective Internet
> security counter-measures.
> _______________________________________________
--
Wes
http://claimid.com/wesyoung
More information about the nsp-security
mailing list