[unisog] Previous Thread on Increased Probes

Peter Van Epp vanepp at sfu.ca
Fri Jul 23 18:47:55 GMT 2004


	Sorry, I wasn't clear enough. I expect spam controllers are the source 
of Glen's 113 probes. The 23 probes look to be a DDOS attack (I know because
one of my subnets, probably in the form of a single host forging source 
addresses, was participating last night :-)). The one here is using addresses 
in the class C that don't exist (it may well be using random addresses and the 
anti spoof filters are puffing their little cheeks up discarding them, or the 
attacker may have probed what will get out and adjusted accordingly). I
haven't had a chance to look at the port scanning alarm list this morning yet,
and with only apparently 2 hosts being targeted it may not show up clearly
enough to get whacked anyway (other than I now know it's there and will 
deal with it). Haven't yet identified the control channel but likely IRC from
past experience.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

On Fri, Jul 23, 2004 at 11:19:21AM -0700, Lois Lehman wrote:
> Peter, this traffic is targeted at the telnet port.
> 
> Lois Lehman
> College Network Security Manager
> Physical Sciences Computer Support Manager
> College of Liberal Arts & Sciences
> Arizona State University
> 480-965-3139
> 
> 


