[nsp-sec] Possible DoS test / FYSA
Matthew.Swaar at us-cert.gov
Matthew.Swaar at us-cert.gov
Mon Sep 7 17:05:16 EDT 2009
No action required on this, just passing it along for situational
awareness.
One of our dark Ips got some packet love today:
sIP| Bytes| Packets| Records|
Start_Time| End_Time|
88.191.99.239| 1043659640| 26091491| 65536|
2009/09/07T16:47:14| 2009/09/07T16:50:09|
All traffic was TCP 40-byte SYN packets. 26M+ packets in 2m55s, ~1GB
total traffic. The dest IP is dark, and we didn't get any reports of
issues with the supporting infrastructure, so the total impact appears
to have been non-existent.
Possibly a test, or perhaps something was just horribly
misconfigured/fat-fingered for a few seconds. (Although the volume
seems high for a misconfiguration.)
Very Respectfully,
US-CERT Ops Center
703-235-5111
POC: Matt Swaar - Analyst
More information about the nsp-security
mailing list