[nsp-sec] Odd "attack" traffic

Kevin Oberman oberman at es.net
Tue Dec 28 22:48:26 EST 2010


> Date: Tue, 28 Dec 2010 22:02:57 -0500
> From: Chris Morrow <morrowc at ops-netman.net>
> 
> On 12/28/10 9:59 PM, Kevin Oberman wrote:
> > ----------- nsp-security Confidential --------
> > 
> > Mike and Joel,
> > 
> > This makes some sense. It looks like my system has been entered in some
> > list of servers and various systems keep trying to connect. The system
> > is a FreeBSD box that I am quite sure is not and never has had that port
> > open.
> > 
> > I'll see if the packets I'm getting look like what you
> > reported. 
> 
> keep in mind that some of the (baytsp for one) RIAA/MPAA shills will
> spew this sort of traffic over ip ranges in hopes that they get replies
> and this can send subpoenas toward the ip-owners :(
> 
> no, I'm not bitter about getting ~1k of these to a darknet... and having
> to visit the corp-counsel's offices to explain.

Wow! Sounds like a fun way to spend an afternoon! Almost as good as an
hour or two of hitting oneself with a 10 ounce ball-peen hammer. That
said, your suggestion really does not seem to fit the traffic profiles I
have been seeing, but I suppose, with adequately incompetent
programmers, anything is possible.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751


