[unisog] Czdlxy.163.com and High Bandwidth Utilisation
tim.lane at scu.edu.au
Mon Aug 18 08:25:48 GMT 2008
Hi All,
We are having an anomaly occur on our network where our Internet link is experiencing 100% utilisation and the proxies are reporting massive downloads from Czdlxy.163.com, but the traffic does not seem to come inside our network to workstations, just to the proxies.
Czdlxy.163.com appears to be related to some Chinese Online Gaming website (but translation makes it difficult to pinpoint exactly). This makes me think that either:
1) Proxy servers are compromised and are hosting content
2) Denial of service
3) Traffic is actually going inside our network and we cannot see it (at this stage).
I realise this is basic information, but has anyone heard of this site before, or do they have any suggestions or thoughts on what could be occurring? Is anyone else seeing something similar?
Thanks,
Tim Lane
Information Security Program Manager
Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480
Phone (02) 6620 3290 Fax (02) 6620 3033
Email: tlane at scu.edu.au
http://www.scu.edu.au