[Dshield] TCP Port 1433 Syn Flood DOS Attack

Jon R. Kibler Jon.Kibler at aset.com
Tue Mar 11 15:35:28 GMT 2003


In the 'for what it is worth' category, we got hammered again this morning from the same IP as yesterday morning. The attack started about 35 minutes earlier than yesterday's attack. Also, unlike yesterday, the attack stopped exactly 1 hour (to the second) from when it started. 

We can easily prove we were hit 5,600+ times, and from a quick glance at the logs, I can reasonably guess we were probably hit more like 10,000-15,000 times. 

Still the same attack profile... TCP Port 1433 Syns are the only packets ever sent.

Any thoughts?

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA



More information about the list mailing list