[nsp-sec] Potential DoS data for 89.45.193.200 and 204.188.216.183
Yiming Gong
yiming.gong at xo.com
Thu Dec 16 15:52:19 EST 2010
There were 602143 different source IPs participating in the SYN flood to 204.188.216.183 within the 15-minute (from 11:40 to 11:55) window,
the source IPs definitely look spoofed to me.
And except the following 3 hosts, all the rest pretty much only had 1 or 2 SYN requests:
count(*)  sip              proto  dport  tcpflags  size dist
1338      121.125.67.246   TCP    80     ....S.    48,52
244       216.3.66.10      TCP    80     ....S.    48,52
24        114.203.113.101  TCP    80     ....S.    48,52
And for TCP traffic, all are SYN requests, and they are either 48 or 52 bytes large.
I got nothing for 89.45.193.200.
Let me know if you need the raw flow data, thanks.
Regards
Yiming
On 12/16/2010 01:27 PM, Buraglio, Nicholas D wrote:
> ----------- nsp-security Confidential --------
>
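
Added example, not part of the original message or of the poster's tooling: a Python sketch that computes the same per-source quantities the message reports (distinct sources, share of sources with only 1 or 2 SYNs, top senders, packet sizes) from flow records. The record layout, function names, thresholds and sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import Counter

SYN_ONLY = "....S."  # flag string as shown in the message's flow output

def summarize_syn_sources(flows, low_count=2, top_n=3):
    """Per-source SYN statistics for flows toward one destination.

    flows: iterable of dicts with keys sip, proto, dport, tcpflags, size
    (record layout is an assumption modelled on the message's columns).
    """
    syn = [f for f in flows if f["proto"] == "TCP" and f["tcpflags"] == SYN_ONLY]
    per_source = Counter(f["sip"] for f in syn)
    low = sum(1 for n in per_source.values() if n <= low_count)
    return {
        "syn_flows": len(syn),
        "distinct_sources": len(per_source),
        "low_count_fraction": low / len(per_source) if per_source else 0.0,
        "top_sources": per_source.most_common(top_n),
        "size_dist": sorted({f["size"] for f in syn}),
    }

def wide_low_rate_pattern(summary, min_sources=100, min_fraction=0.95):
    """True when many sources each sent only a handful of SYNs.

    Thresholds are assumed for this example, not taken from the message.
    """
    return (summary["distinct_sources"] >= min_sources
            and summary["low_count_fraction"] >= min_fraction)

def build_sample():
    """Constructed flow records using documentation address ranges."""
    flows = []
    for i in range(200):  # 200 sources with 1 or 2 SYNs each
        for j in range(1 + i % 2):
            flows.append({"sip": f"198.51.100.{i}", "proto": "TCP", "dport": 80,
                          "tcpflags": SYN_ONLY, "size": 48 if j == 0 else 52})
    for j in range(30):  # one repeat sender
        flows.append({"sip": "192.0.2.10", "proto": "TCP", "dport": 80,
                      "tcpflags": SYN_ONLY, "size": 52 if j % 2 else 48})
    # an ACK-only flow that the SYN filter must ignore
    flows.append({"sip": "203.0.113.5", "proto": "TCP", "dport": 80,
                  "tcpflags": ".A....", "size": 40})
    return flows

if __name__ == "__main__":
    s = summarize_syn_sources(build_sample())
    print(s, wide_low_rate_pattern(s))
```

The repeat senders surfaced in `top_sources` are the ones worth checking individually, as the message does for its three hosts.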