[nsp-sec] On going DDoS AS5664 142.55.0.0/16
Mike Tancsa
mike at sentex.net
Sat Mar 30 10:43:01 EDT 2013
On 3/29/2013 8:54 PM, jim deleskie wrote:
> ----------- nsp-security Confidential --------
>
> Greetings,
>
> I've been asked by the good folks at Sheridan College to assit with an
> ongoing off and on DDoS over the last few days. It started as SYN floods,
> but switched to UDP, they have also seen varied attacks changing from BW to
> pps. High watermark has been 900M and 600k pps, its not big enough to make
> the new but is hurting the school :) If anyone has any info please let me
> know.
Do you have any more details as to what the packets look like ? e.g
(ports, packet sizes) I see a number of torrent peers there as well as
what *might* be DOS traffic, but its hard to say for sure. The traffic
I see is not spoofed. Before I a send it to my support people to
contact the customers, I would like to be a bit more certain.
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the nsp-security
mailing list