[nsp-sec] Potential Wikileaks related DDoS traffic
Young, Beth A.
youngba at more.net
Thu Dec 9 15:40:43 EST 2010
We had 4 Catalyst 3560 (insecure) switches that were ping flooding a Wikileaks address. Here is a sample of the flow data:
                                                                      AS NUMBER     PORT
START TIME          STOP TIME           SOURCE IP      DESTINATION IP SRC  DST PROT SRC DST PACKETS OCTETS
2010/12/07-16:47:23 2010/12/07-17:02:02 207.160.101.60 46.59.1.2      2572 0   1    0   0   59248   83188812
2010/12/07-17:02:28 2010/12/07-17:16:58 207.160.101.60 46.59.1.2      2572 0   1    0   0   62250   87423000
I haven't seen any of the traffic aimed at PayPal, Visa and Mastercard.
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Daniel Schwalbe
> Sent: Thursday, December 09, 2010 1:56 PM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Potential Wikileaks related DDoS traffic
>
> ----------- nsp-security Confidential --------
>
>
> Does anybody have a read on which IPs or ASs are being targeted for the
> reportedly ongoing DDoS related to Wikileaks?
>
> Any idea about real numbers of volume of traffic involved, or is it just the
> media blowing things out of proportion again?
>
> Thanks!
> -Daniel
>
> --
> Daniel Schwalbe, CISSP, CISM, CIPP
> Assistant Director of Security Services
> Office of the CISO
> University of Washington
> Phone +1(206) 685-8210 | Email dfs at uw.edu
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
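An added example, not part of either message: a small detector that parses flow records in the column layout shown in the reply above, aggregates ICMP (protocol 1) flows per source/destination pair, and reports sustained floods with their packet rate and average packet size. The field names, the `MIN_SECONDS` and `MIN_PPS` thresholds, and the function names are assumptions made for illustration; the two sample records are the ones quoted in the message.

```python
from datetime import datetime

# Flow records copied from the message above (AS src/dst, protocol, port src/dst).
SAMPLE = """\
2010/12/07-16:47:23 2010/12/07-17:02:02 207.160.101.60 46.59.1.2 2572 0 1 0 0 59248 83188812
2010/12/07-17:02:28 2010/12/07-17:16:58 207.160.101.60 46.59.1.2 2572 0 1 0 0 62250 87423000
"""
FIELDS = ("start", "stop", "src", "dst", "src_as", "dst_as",
          "proto", "sport", "dport", "packets", "octets")
TS = "%Y/%m/%d-%H:%M:%S"
ICMP = 1
# Assumed thresholds for illustration; tune them to the local baseline.
MIN_SECONDS = 300   # ignore short bursts such as ordinary ping tests
MIN_PPS = 10.0      # sustained ICMP packets per second toward one host

def parse(line):
    """Turn one whitespace-separated flow record into a typed dict."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    rec = dict(zip(FIELDS, parts))
    for key in FIELDS[4:]:
        rec[key] = int(rec[key])
    rec["start"] = datetime.strptime(rec["start"], TS)
    rec["stop"] = datetime.strptime(rec["stop"], TS)
    return rec

def summarize(records):
    """Sum duration, packets and octets of ICMP flows per (src, dst) pair."""
    pairs = {}
    for r in records:
        if r["proto"] != ICMP:
            continue
        agg = pairs.setdefault((r["src"], r["dst"]),
                               {"seconds": 0.0, "packets": 0, "octets": 0})
        agg["seconds"] += (r["stop"] - r["start"]).total_seconds()
        agg["packets"] += r["packets"]
        agg["octets"] += r["octets"]
    return pairs

def suspects(pairs):
    """Return pairs whose ICMP traffic is both long-lived and high-rate."""
    out = []
    for (src, dst), a in sorted(pairs.items()):
        if a["seconds"] < MIN_SECONDS:   # also guards against zero duration
            continue
        pps = a["packets"] / a["seconds"]
        if pps >= MIN_PPS:
            out.append({"src": src, "dst": dst, "pps": pps,
                        "avg_bytes": a["octets"] / a["packets"]})
    return out

if __name__ == "__main__":
    for hit in suspects(summarize(parse(l) for l in SAMPLE.splitlines())):
        print("%(src)s -> %(dst)s  %(pps).1f pps, %(avg_bytes).0f bytes/pkt" % hit)
```

On the two quoted records this reports one pair at roughly 69 packets per second with about 1404 bytes per packet, far larger than a default ping payload.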