[nsp-sec] Ongoing DDoS against illinois.edu
Buraglio, Nicholas D
buraglio at illinois.edu
Sat Mar 2 13:18:45 EST 2013
I'll grab the actual time stamps but the rough window was midnight 3/2 until 9ish am 3/2.
--
nb
On Mar 2, 2013, at 12:09 PM, "Michael Sinatra" <michael at rancid.berkeley.edu> wrote:
> I have found at least a few in ESnet's address space that are clearly non-existent, but I am also checking netflow, as there are a few others in our site space that pop up in your list.
>
> There are also two UCB hosts that may be legitimate wireless hosts; I'll have Rune Stromsness check on those (has he been added to nsp-sec yet?).
>
> If you have start/stop timestamps, that would be great; otherwise, I'll infer timing from your emails.
>
> On 3/2/13 8:58 AM, Buraglio, Nicholas D wrote:
>> ----------- nsp-security Confidential --------
>>
>> It's mostly died off at this point. Thanks for looking, would appreciate any other views and will report more as we find it. We saw a noticeable increase in ICMP around 11:30pm central last night right before it really ramped up.
>>
>> --
>> nb
>>
>> On Mar 2, 2013, at 10:47 AM, "Joel Rosenblatt" <joel at columbia.edu> wrote:
>>
>>> Hi,
>>>
>>> I have a feeling that at least a few of these are spoofed addresses, since the one Columbia address does not seem to be hooked up to anything on our side.
>>>
>>> IP Subnet [Assignment]
>>> 160.39.31.129 160.39.31.128/25 [Available (Expansion space)]
>>> ARP cache
>>> IP MAC Last Seen
>>>
>>>
>>> I know it's a small sample, but that's all I have :-)
>>>
>>> good luck,
>>> Joel
>>>
>>> --On Saturday, March 02, 2013 4:01 PM +0000 "Buraglio, Nicholas D" <buraglio at illinois.edu> wrote:
>>>
>>>> ----------- nsp-security Confidential --------
>>>
>>>
>>>
>>> Joel Rosenblatt, Director, Network & Computer Security
>>> Columbia Information Security Office (CISO)
>>> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
>>> http://www.columbia.edu/~joel
>>> Public PGP key
>>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
>>
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>> community. Confidentiality is essential for effective Internet security counter-measures.
>> _______________________________________________
>