[nsp-sec] Potential DDoS against mynah.eff.org ?
Daniel Schwalbe
dfs at cac.washington.edu
Fri Jan 30 13:52:45 EST 2009
We are seeing sporadic flurries of ACK packets from mynah.eff.org:80
coming back to IPs allocated mostly to our darknets, so the source of the
SYN is obviously spoofed.
$ host mynah.eff.org
mynah.eff.org has address 64.147.188.2
$ whois -h whois.cymru.com 64.147.188.2
AS | IP | AS Name
26914 | 64.147.188.2 | GLOBAL-NETOPTEX-INC - Global Netoptex, Inc
Is anybody else seeing this? I am just trying to get an idea of scale.
The website at mynah.eff.org seems responsive, so at least it's not an
all-out assault.
-Daniel
_______________________________________________________
Daniel Schwalbe, CISSP, CISM dfs at u.washington.edu
Head of Outreach & Special Projects +1(206) 685-8210
Office of the CISO University of Washington
PGP: E2DD CE57 62F4 0F22 CA09 37AB CA69 A2A3 1A45 0BF7
More information about the nsp-security
mailing list