[nsp-sec] DoS Earlier Today

Matthew.Swaar at us-cert.gov
Tue Sep 29 16:35:20 EDT 2009


We got some packet love between 0100 and 0800 GMT today (29 Sep).

Host 130.14.29.110 was the recipient.  The traffic was from a single
source IP (218.58.75.201, China Unicom AS4837 I think) and didn't appear
to be spoofed.  Traffic was TCP-80 and a 3-way handshake appeared to be
completed.


               Date|        Records|               Bytes|     Packets|
2009/09/29T01:00:00|       74137.00|       5644255475.00|108553818.00|
2009/09/29T02:00:00|       18258.00|       5766887546.00|110888968.00|
2009/09/29T03:00:00|       35179.63|      12459525330.16|239599986.82|
2009/09/29T04:00:00|      149362.49|      16072069084.85|309253919.94|
2009/09/29T05:00:00|      452678.75|      16485612549.58|318279842.17|
2009/09/29T06:00:00|       19768.72|       6485693206.25|124719271.90|
2009/09/29T07:00:00|      241759.07|       8737336838.94|168047947.36|
2009/09/29T08:00:00|      199669.34|       8826816560.23|169787748.80|


The traffic/attack has ceased, but I was curious if anyone saw any
commands/etc that related to this.


 
Very Respectfully,

US-CERT Ops Center
703-235-5111
POC: Matt Swaar - Analyst


