LISTSERV mailing list manager LISTSERV 15.5

Help for NORDNOG Archives


NORDNOG Archives

NORDNOG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave NORDNOG
Reply | Post New Message
Search Archives


Subject: Re: Any thoughts on port 1434
From: Tony Sarendal <[log in to unmask]>
Reply-To:Network management discussion for Nordic region <[log in to unmask]>
Date:Sat, 25 Jan 2003 14:06:31 +0100
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (30 lines)


Mikael Abrahamsson wrote:
> On Sat, 25 Jan 2003, Kurt Erik Lindqvist wrote:
>
>
>>Looking at Netnod statistics there seems to be a few ISPs that have had
>>odd traffic patterns during the early morning CET.
>
>
> We were hit at 06:32, two customers compromised, both running at linerate
> (10megabit/s). We're still getting traffic over our global transits, we
> block them at several points in our network.
>
> At least the traffic amount isnt accelerating, seems that most infections
> were done in the first 5 minutes and the infected hosts are spewing
> traffic.
>
> If anything, I see traffing going down instad of up as the infected hosts
> are being discovered and filtered/removed.
>
> --
> Mikael Abrahamsson    email: [log in to unmask]
>
>

I see the same thing.

It also looks like places that reply with icmp port unreachable
gets 10x less hits that places that just dump the traffic.

/Tony Sarendal

Back to: Top of Message | Previous Page | Main NORDNOG Page

Permalink



LISTSRV.NORDU.NET

CataList Email List Search Powered by the LISTSERV Email List Manager