[unisog] Strange packets to random addresses in our network
pete at shadows.uottawa.ca
Mon Dec 29 01:11:16 GMT 2003
On Mon, Dec 29, 2003 at 10:46:53AM +1300, Russell Fulton wrote:
> About a week a go we started seeing a steady trickle (1100 over the last
> 3 days) of these packet hitting our network. Source address is always
> the same (22.214.171.124) as is the source port (443) destination port and
> address appear to be random.
I'm seeing the something similar. Last Sunday and Monday, there
was about 2000/day. Since then, it has only been about 180/day.
Same as you...random port.
> I doubt if this is malicious, my first thought that it might be fall out
> from a DoS on 126.96.36.199 but it has been going on for a week now so
> that seems unlikely.
Looks to me like some kind of back-scatter from a DDoS... (But I would
think the SYN would be set) Looks like last Sun/Mon was the brunt of
the attack. What has been going on since Mon is probably just
some residual noise that isn't effecting them that much.
More information about the unisog