I'm trying to gather information about a DDoS attack against a private network that took place on the 13th from ca. 10:30 to 17:00 GMT. Most of the packets had an (apparently forged) source address of 208.184.109.166 (Abovenet). Bandwidth rates were in excess of several Gb/s.

The victim is located in middle Asia and at least a substantial amount of the traffic was routed through from Scandinavian backbones, especially FI-SE and KPNQwest, in the direction Nordunet. My guesses go in the direction that it was either a larger DoS network, or an attack from a couple of compromised routers.

If you've seen any related activity yesterday going over your network, or perhaps even had a compromise and DDoS installation on several servers in Scandinavia in the last couple of days, I'd be very happy to hear about it, either on this list or in private.

Thank you,
Mixter

---------------------------
Mixter
Development/Consulting
2xs LTD. - http://2xss.com
Tel: +972-9-9519980
Mail: mixterat_private

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Fri Dec 14 2001 - 09:36:40 PST