[nsp-sec] Seeking sources of small DoS
Maher, Kevin
kmaher at ebay.com
Fri Nov 19 17:29:06 EST 2010
Good Afternoon NSP-SEC -
>From 7:26-7:52 PST, we received ~500 Mbit/s TCP syns from spoofed random
IP addresses, targeting 64.4.241.61, 64.4.241.45, and 66.211.169.66.
65535 TCP window size
28 TCP header length
48 IP total length
Almost all packets had a TTL of 115 when they reached our network, so they
are probably sourced from the same network.
Also most of the traffic was delivered to us by Qwest (Thanks Don! ;)
We would greatly appreciate any information you may be able to find
regarding sources or flows.
Thanks much in advance,
Kevin
More information about the nsp-security
mailing list