[Outages-discussion] What Dyn IPs to look for in netflow?

Damian Menscher damian at google.com
Mon Oct 24 16:39:40 EDT 2016


You can identify your infected users by looking for outbound scanning on
port 23/tcp.  (The Dyn attack was from an IoT botnet which spreads via
telnet default passwords.)

Damian

On Sat, Oct 22, 2016 at 6:48 PM, Charles Sprickman <spork at bway.net> wrote:

> I wanted to poke through our netflow data from Friday to see if any
> customers were involved.  Do we have any idea which Dyn IPs were being hit
> in the east coast attack?
>
> I’ve been poking around with sorting by packet count to UDP 53, but I’m
> not even sure this was an application level or volumetric attack.   Nothing
> is standing out (yet)…
>
> Thanks,
>
> Charles
> --
> Charles Sprickman
> NetEng/SysAdmin
> Bway.net - New York's Best Internet www.bway.net
> spork at bway.net - 212.982.9800
>
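
Added example (not part of the original thread, and not code from either poster): one way to run the check described in the reply over exported flow records, flagging customer addresses that send short 23/tcp flows to many distinct outside hosts. The CSV column layout, the customer prefix, the sample rows and both thresholds are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flows (documentation address ranges; hypothetical CSV layout).
_rows = ["src,dst,proto,dport,packets"]
_rows += [f"198.51.100.10,203.0.113.{i},6,23,1" for i in range(1, 9)]    # fan-out to 8 hosts
_rows += ["198.51.100.20,192.0.2.7,6,23,240"]                            # one long telnet session
_rows += ["198.51.100.30,192.0.2.53,17,53,4"]                            # ordinary DNS query
_rows += [f"203.0.113.99,198.51.100.{i},6,23,1" for i in range(40, 50)]  # inbound scan, not ours
SAMPLE_FLOWS = "\n".join(_rows)

CUSTOMER_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed customer address space


def find_telnet_scanners(flow_csv, customer_nets, min_targets=5, max_packets=3):
    """Return {customer_ip: distinct_destination_count} for outbound 23/tcp fan-out.

    min_targets and max_packets are assumed tuning values: a scanner touches
    many destinations with very few packets each, while an interactive telnet
    session is one destination with many packets.
    """
    targets = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"] != "6" or row["dport"] != "23":
            continue  # only TCP to the telnet port
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if not any(src in net for net in customer_nets):
            continue  # source is not a customer: inbound or transit traffic
        if any(dst in net for net in customer_nets):
            continue  # customer-to-customer, not outbound
        if int(row["packets"]) > max_packets:
            continue  # too many packets for a probe
        targets[src].add(dst)
    return {str(ip): len(dsts) for ip, dsts in targets.items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    for ip, count in sorted(find_telnet_scanners(SAMPLE_FLOWS, CUSTOMER_NETS).items()):
        print(f"{ip} probed {count} distinct hosts on 23/tcp")
```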