[nsp-sec] TCP Flood to 2.1.4.245
Jose Nazario
jose at arbor.net
Wed Nov 18 12:55:43 EST 2009
On Nov 18, 2009, at 12:24 PM, Rob Shakir wrote:
> This afternoon we saw some odd traffic towards one of the RIPE NCC's
> de-bogonising prefixes (2.1.0.0/21), and in particular 2.1.4.245/32
> within this. The traffic looked to be from spoofed sequential sources,
> and was 650 byte TCP packets with randomised source and destination
> ports (approximately uniform distribution of src/dst port pairs).
so far nothing here for that IP.
_____________________________
jose nazario, ph.d. jose at arbor.net
manager of security research, arbor networks
http://asert.arbor.net/
More information about the nsp-security
mailing list