[unisog] Czdlxy.163.com and High Bandwidth Utilisation

tim.lane at scu.edu.au
Mon Aug 18 08:25:48 GMT 2008


Hi All,

We are having an anomaly occur on our network where our Internet link is experiencing 100% utilisation and the proxies are reporting massive downloads from Czdlxy.163.com, but the traffic does not seem to come inside our network to workstations, just to the proxies.

Czdlxy.163.com appears to be related to some Chinese Online Gaming website (but translation makes it difficult to pinpoint exactly). This makes me think that either:

1) Proxy servers are compromised and are hosting content
2) Denial of service
3) Traffic is actually going inside our network and we cannot see it (at this stage).

I realise this is basic information, but has anyone heard of this site before or do they have any suggestions or thoughts on what could be occurring? Is anyone else seeing something similar?

Thanks,

Tim Lane


Tim Lane 
Information Security Program Manager 

Information Technology and Telecommunication Services 
Southern Cross University 
PO Box 157 Lismore NSW 2480 

Phone (02) 6620 3290    Fax (02) 6620 3033
Email: tlane at scu.edu.au 
http://www.scu.edu.au 
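
Added example, not part of the original post: one way to test option 3 from the proxy side is to total the bytes fetched from the host per requesting client in the proxy access log. It assumes Squid's native access.log layout (the post does not name the proxy product); the address range, proxy addresses and log lines are constructed.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

TARGET = "czdlxy.163.com"                      # host named in the post
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: campus client range
PROXY_ADDRS = {"10.1.1.10", "127.0.0.1"}       # assumption: the proxies' own addresses

# Constructed sample lines. Assumed Squid native layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1219047900.101 5021 10.20.3.44 TCP_MISS/200 73400320 GET http://czdlxy.163.com/a.zip - DIRECT/192.0.2.10 application/zip
1219047901.220 4800 10.20.3.44 TCP_MISS/200 52428800 GET http://Czdlxy.163.com/b.zip - DIRECT/192.0.2.10 application/zip
1219047902.300 90 10.20.7.9 TCP_MISS/200 20480 GET http://www.scu.edu.au/ - DIRECT/192.0.2.20 text/html
1219047903.400 6100 127.0.0.1 TCP_MISS/200 104857600 GET http://czdlxy.163.com/c.zip - DIRECT/192.0.2.10 application/zip
truncated line
"""

def classify(client):
    """Label the requester recorded by the proxy for one log entry."""
    if client in PROXY_ADDRS:
        return "proxy-host"
    try:
        inside = ipaddress.ip_address(client) in INTERNAL
    except ValueError:
        return "unparsed"
    return "internal-client" if inside else "other"

def bytes_by_requester(log_text, target=TARGET):
    """Return [((label, client), total_bytes), ...] for the target host, largest first."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[4].isdigit():
            continue  # skip malformed or truncated entries
        url = fields[6]
        # CONNECT entries log "host:port" with no scheme, so fall back to a split
        host = (urlsplit(url).hostname or url.split(":")[0]).lower()
        if host == target or host.endswith("." + target):
            totals[(classify(fields[2]), fields[2])] += int(fields[4])
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for (label, client), total in bytes_by_requester(SAMPLE_LOG):
        print(f"{label:16} {client:15} {total / 2**20:8.1f} MiB")
```

Entries attributed to internal clients point towards option 3; entries whose requester is the proxy's own address mean the requests start on the proxy host itself.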