NORDNOG Archives


Subject: Re: Any thoughts on port 1434
From: Tony Sarendal <[log in to unmask]>
Reply-To: Network management discussion for Nordic region <[log in to unmask]>
Date: Sat, 25 Jan 2003 14:06:31 +0100


Mikael Abrahamsson wrote:
> On Sat, 25 Jan 2003, Kurt Erik Lindqvist wrote:
>>Looking at Netnod statistics there seems to be a few ISPs that have had
>>odd traffic patterns during the early morning CET.
> We were hit at 06:32, two customers compromised, both running at linerate
> (10megabit/s). We're still getting traffic over our global transits, we
> block them at several points in our network.
> At least the traffic amount isn't accelerating, seems that most infections
> were done in the first 5 minutes and the infected hosts are spewing
> traffic.
> If anything, I see traffic going down instead of up as the infected hosts
> are being discovered and filtered/removed.
> --
> Mikael Abrahamsson    email: [log in to unmask]

I see the same thing.

It also looks like places that reply with icmp port unreachable
get 10x less hits than places that just dump the traffic.

/Tony Sarendal
