[nsp-sec] huge spikes in tcp 53. rackspace owns one of the ddos victims:(
Yiming Gong
Yiming.gong at xo.com
Wed Mar 16 18:09:55 EDT 2011
We had a huge tcp port 53 spike (5Gbps) on jan31 and then a few smaller ones in Feb.
The61.161.141.4 is sending tcp traffic to port 53 and pinging various destinations as of now.
Yiming
On 3/16/2011 4:19 PM, Smith, Donald wrote:
> On the 8 week graph you will see a HUGE increase (from ~0Mbs to 800Mbs of tcp 53) on January 23rd or so and another on March 10th or so.
>
> So something out there is doing very bursty tcp 53 connections/scans.
> # IP
> 1263 61.161.141.4
More information about the nsp-security
mailing list