North American Network Operators Group

Re: distributed attack, high or not
In message <[email protected]>, "Joseph T. Klein" writes:
>
>I define it as random because the traffic rise could be seen
>coming in from multiple providers and looked to be the same
>percent from all sources (separate routers with separate
>interfaces to separate ASNs in separate geographic locations).
>The traffic was inbound and not backsplash from randomized
>source addresses.
>
>It looks to me like an infection with someone turning a control
>knob. Is this common or a precursor of a bad thing?
>

It's a classic DDoS attack, aimed at you. Someone has lots of zombie
machines out there; at some point, they sent a command packet to all of
them, saying "bombard such-and-such an IP address for 3600 seconds".

Common? It happens frequently to someone. Precursor? Entirely possible,
though there's no way to know for sure. But it can be very bad -- see
http://news.zdnet.co.uk/story/0,,t269-s2103098,00.html for what happened
to a British ISP.

--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com