[nsp-sec] DDOS against www.de-cix.net
Paul Dokas
dokas at oitsec.umn.edu
Fri Jan 29 10:33:12 EST 2010
Brian Eckman wrote:
> Actually, I agree that it doesn't appear to be backscatter in our
> case. 128.101.190.46 has been briefly contacting www.de-cix.net every
> day between midnight and 0100 local time (0600-0700 UTC) since January
> 2nd.
I've looked into this host here. The admins talked to the owner (a graduate
student). He is doing research into economic models of the Internet.
Part of that research involves grabbing data from various exchanges
around the world (including www.de-cix.net). Here's an example URL
that they're grabbing nightly:
http://www.od-ix.net/list/yearly.png
I see that www.de-cix.net is publishing similar graphs. So the traffic
from 128.101.190.46 appears to have been for legitimate reasons, not as
part of a DDoS.
Paul
--
Paul Dokas dokas at oitsec.umn.edu
======================================================================
Don Juan Matus: "an enigma wrapped in mystery wrapped in a tortilla."