Hello there,

On Tuesday we had a DDoS coming from 500 different sources. It was a "tcp-packet-flood" to unprivileged ports. The DDoS took our network down for 2 hours. I called our ISP to block some IPs which had been spammed with these packets. There wasn't any scheme in the source IPs, it looked like they were spoofed; 500 different hosts are a lot.

At the same time two networks of friends (all in Switzerland) were also DDoSed, with the same scheme. One friend reported that at the same time one box which was running an old version of ssh was owned, or probably owned by the same guy who did the DDoS.

I think the "attacker" has found the IPs to attack on IRC. The attacks ran from 2pm until 5pm (CET).

Greetings
Michi

-------------------------------------------------
DIGICOMP AG
Michi Zaugg
Network & Security
Limmatstr. 50
8005 Zuerich
mailto: michiat_private
mob: +41 (0) 79 245 75 34
tel: +41 (0) 1 447 21 46
fax: +41 (0) 1 447 21 51
-------------------------------------------------
- we're the dot in .digicomp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Dec 20 2001 - 11:37:21 PST