[nsp-sec] Ongoing DDoS against illinois.edu
Michael Sinatra
michael at rancid.berkeley.edu
Sat Mar 2 13:08:57 EST 2013
I have found at least a few in ESnet's address space that are clearly
non-existent, but I am also checking netflow, as there are a few others
in our site space that pop up in your list.
There are also two UCB hosts that may be legitimate wireless hosts; I'll
have Rune Stromsness check on those (has he been added to nsp-sec yet?).
If you have start/stop timestamps, that would be great; otherwise, I'll
infer timing from your emails.
On 3/2/13 8:58 AM, Buraglio, Nicholas D wrote:
> ----------- nsp-security Confidential --------
>
> It's mostly died off at this point. Thanks for looking, would appreciate any other views and will report more as we find it. We saw a noticeable increase in ICMP around 11:30pm central last night right before it really ramped up.
>
> --
> nb
>
> On Mar 2, 2013, at 10:47 AM, "Joel Rosenblatt" <joel at columbia.edu> wrote:
>
>> Hi,
>>
>> I have a feeling that at least a few of these are spoofed addresses, since the one Columbia address does not seem to be hooked up to anything on our side.
>>
>> IP Subnet [Assignment]
>> 160.39.31.129 160.39.31.128/25 [Available (Expansion space)]
>> ARP cache
>> IP MAC Last Seen
>>
>>
>> I know it's a small sample, but that's all I have :-)
>>
>> good luck,
>> Joel
>>
>> --On Saturday, March 02, 2013 4:01 PM +0000 "Buraglio, Nicholas D" <buraglio at illinois.edu> wrote:
>>
>>> ----------- nsp-security Confidential --------
>>
>>
>>
>> Joel Rosenblatt, Director, Network & Computer Security
>> Columbia Information Security Office (CISO)
>> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
>> http://www.columbia.edu/~joel
>> Public PGP key
>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
>>
>>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>