[nsp-sec] Annoying synfloods: 82.161.224.217 and 82.161.224.160
Scott A. McIntyre
Scott at xs4all.net
Fri Jul 17 02:15:23 EDT 2009
Good day teams,
A few of my customers have been feeling the pain of a 80/tcp synflood
from a myriad of (obviously spoofed) sources for about two weeks now.
The targets and rates are:
82.161.224.217 = 150Kpps @ 52Mbit
82.161.224.160 = 200Kpps @ 75mbit
I'd share a list of sources, but just in the last hour it's 440341
unique IPs, so I'm going with the spoofed explanation.
Both systems are meant to have http services running on them, and as
they're colocated with multiple sites running on them, I am not yet
sure what the intended destination is (trying to extract that from
customer).
If you see large amounts of flow to either destination, I'd appreciate
the help in stopping this.
Thank you.
Scott A. McIntyre
XS4ALL Internet B.V.
More information about the nsp-security
mailing list