[nsp-sec] Question on attack flow quantity

Joel Rosenblatt joel at columbia.edu
Wed Oct 29 10:00:16 EDT 2008


Nothing obvious .. we track things by IP, not by port - and the total number of attacking IPs is pretty constant - though the number seems to have moved from
an average of 10 to an average of 12 - not a big jump.

You are right on about the span of the spikes .. they all seem to last about an hour.

I can't put my finger on packet counts right this second - but the flow count is back to normal.

Joel

--On Wednesday, October 29, 2008 9:35 AM -0400 Young Wes <wcyoung at buffalo.edu> wrote:

> We saw a slight uptick in UDP traffic yesterday around 16:30 EDT via I1, nothing consistent as you describe though... Lasted about an hour or so. Didn't hit
> the 150k mark, but came close.
>
> Are you able to narrow it down to a specific protocol? What is your avg PacketsPerSecond vs "now" (in comparison to the number of flows)?
>
> On Oct 29, 2008, at 9:16 AM, Joel Rosenblatt wrote:
>
>> ----------- nsp-security Confidential --------
>>
>> Hi,
>>
>> We have been seeing big spikes in our external attack flows (see
>> graph - it is the last 24 hours) - we typically see about 50k flows
>> per 5 minute interval - we have been seeing upward of 150k for the
>> last few days.
>>
>> The vectors are spread around over lots of attack ports.
>>
>> Is everyone else seeing this, or do I have a big target painted on
>> me somewhere?
>>
>> Thanks,
>> Joel
>>
>> Joel Rosenblatt, Manager Network & Computer Security
>> Columbia Information Security Office (CISO)
>> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
>> http://www.columbia.edu/~joel
>>
>
> --
> Wes
> http://claimid.com/wesyoung
>



Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel



