[nsp-sec] Scanning from 147.237.72.69 - please disregard
Hank Nussbacher
hank at efes.iucc.ac.il
Mon Oct 19 00:56:07 EDT 2009
This is a forwarded message from the Israeli e-gov dept:
----------------------------------------------------
Hello,
Today at around 02:40 AM (GMT +0200) we received a large DDoS attack (in the Syn-Flood form). The attack was on 147.237.72.69. The attack was mitigated successfully (although we have seen a whopping number of 250,000 connections per second and in numbers, we're talking about 900,000,000 connections during the hour of attempted attack).
What we do see now is the reflected traffic off 147.237.72.69. Since we are talking about syn-floods, the server returned ACKs to a lot of spoofed IPs all over the world. Meaning it will now register as an attacking (scanning) IP.
Please disregard this; the ACKs and consequent RSTs and RST,ACKs should stop any minute now, as the server is still cleaning its TCP stack.
Best Regards,
Assaf Keren
Information Security Manager
E - Gov Department
E-Mail: assafk at tehila.gov.il
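
An added illustration, not part of the original message: a Python sketch of how a receiving network could tell the backscatter described above from a real scan, by checking whether a remote host only answers SYNs the network never sent. The record format, the 192.0.2.0/24 receiving network, the other sample addresses and the verdict names are constructed assumptions.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

# Constructed records (direction, src, dst, sport, dport, flags) as seen at a
# hypothetical receiving network 192.0.2.0/24; this is not real capture data.
SAMPLE = [
    ("in",  "147.237.72.69", "192.0.2.10", 80, 40001, SYN | ACK),
    ("in",  "147.237.72.69", "192.0.2.77", 80, 51234, SYN | ACK),
    ("in",  "147.237.72.69", "192.0.2.10", 80, 40001, RST),
    ("in",  "147.237.72.69", "192.0.2.31", 80, 1999,  RST | ACK),
    ("out", "192.0.2.50", "198.51.100.7", 33000, 443, SYN),
    ("in",  "198.51.100.7", "192.0.2.50", 443, 33000, SYN | ACK),  # solicited
    ("in",  "203.0.113.9", "192.0.2.10", 55000, 22, SYN),          # real probe
    ("in",  "203.0.113.9", "192.0.2.11", 55001, 22, SYN),
]

def classify(records):
    """Return {remote_ip: verdict} for inbound traffic."""
    # Connections this network opened itself; replies to them are solicited.
    opened = {(src, sport, dst, dport)
              for dirn, src, dst, sport, dport, flags in records
              if dirn == "out" and flags & SYN and not flags & ACK}
    counts = defaultdict(lambda: defaultdict(int))
    for dirn, src, dst, sport, dport, flags in records:
        if dirn != "in":
            continue
        if (dst, dport, src, sport) in opened:
            kind = "solicited"
        elif flags & SYN and not flags & ACK:
            kind = "syn"      # the remote host is initiating a connection
        elif flags & (RST | ACK):
            kind = "reply"    # ACK/SYN-ACK/RST answering a SYN we never sent
        else:
            kind = "other"
        counts[src][kind] += 1
    verdicts = {}
    for src, c in counts.items():
        if c["syn"]:
            verdicts[src] = "initiator"    # client or scanner: triage further
        elif c["reply"]:
            verdicts[src] = "backscatter"  # victim replying to spoofed SYNs
        else:
            verdicts[src] = "normal"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(classify(SAMPLE).items()):
        print(ip, verdict)
```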