Hello all... >Well. If the IPs were from 207.46.x.x they were MSFT: > Netname: MICROSOFT-GLOBAL-NET > Netblock: 207.46.0.0 - 207.46.255.255 Indeed, I should have said that the IP addresses I did in fact see were all in the 207.46.x.x range, although admittedly I hadn't thought to try doing a reverse lookup or a whois search on them. >My guess is that someone set up a few hundred clients to connect to >MSFT-servers with a fake source-ip. So all the replies went to "random" >destintaions - and Peter Bates network just happened to be in the >attackers "source-range". I think this does indeed sound highly probable... not very pleasing news, necessarily, but I suppose more pleasant than knowing the traffic was the result of a genuine DDoS emanating from my network! Thanks... --------------------------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, Network Support Team. London School of Hygiene & Tropical Medicine. Telephone:0207-927 2124 / Fax: 0207-436 5389 / Pager: 07625 255362 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jul 01 2001 - 22:39:35 PDT