[nsp-sec] DDoS against 204.69.234.1/204.74.101.1

SURFcert - Peter p.g.m.peters at utwente.nl
Wed Apr 15 06:35:00 EDT 2009


Keith Schoenefeld wrote on 15-4-2009 4:58:

> I don't have the ability to look at DNS logs at the moment (we don't
> capture them), but flow logs indicate 142 flows in the last five
> minutes to 204.69.234.1 and  (all appear to be from legitimate DNS
> servers on campus), and 1446 flows in the last five minutes to
> 204.74.101.1 (again, all appear to be from legitimate DNS servers on
> campus).

I have checked the flows too and found mainly DNS servers. Except for
one system. I have started investigations into that system.

--
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl                            http://cert.surfnet.nl/
office-hours: +31 302 305 305    emergency (24/7): +31 622 923 564