North American Network Operators Group


Re: Level3 routing issues?

  • From: Jack Bates
  • Date: Sat Jan 25 06:05:54 2003

From: "Dave Stewart"

>
> Lots of traffic on udp port 1434 coming in here via TW Telecom and Sprint
>
> Looks like we may have a winner for DDoS of the year (so far)
>

Temporary block in place. My border cpu was starting to hammer up.

Outbound stat about 2 minutes later:
    deny udp any any eq 1434 (445523 matches)
    permit ip 69.8.0.0 0.0.63.255 any (55749 matches)
    permit ip 206.27.138.0 0.0.1.255 any
    permit ip 206.30.96.0 0.0.31.255 any (97851 matches)
    permit ip 205.162.224.0 0.0.15.255 any (146920 matches)
    permit ip 205.240.128.0 0.0.15.255 any (49146 matches)
    permit ip 204.249.192.0 0.0.15.255 any (27351 matches)
    permit ip 192.133.7.0 0.0.0.255 any (5 matches)
    permit ip 63.136.128.0 0.0.3.255 any (379 matches)
    permit ip 216.226.0.0 0.0.31.255 any (27173 matches)
    permit ip 64.58.32.0 0.0.15.255 any (17368 matches)
    permit ip 206.230.34.128 0.0.0.127 any
    permit ip 209.54.40.0 0.0.1.255 any
    permit ip 206.61.140.0 0.0.0.255 any (52 matches)

Inbound stat at same time:
    deny udp any any eq 1434 (53534 matches)
    permit ip any any (431556 matches)

CPU load drop of about 20%. Definitely a bad port. Virus suspected due to
inbound and outbound.


Jack Bates
Network Engineer
BrightNet Oklahoma
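
Added example, not part of the original post: a short Python script that parses the ACL counters quoted in the message and computes what share of counted packets hit the `deny udp any any eq 1434` entry in each direction, the comparison behind the "inbound and outbound" observation. The function names are assumptions of this example, and the only input is the counter text copied from the post.

```python
import re
from ipaddress import IPv4Network

# ACL counter lines copied from the post above.
OUTBOUND = """
deny udp any any eq 1434 (445523 matches)
permit ip 69.8.0.0 0.0.63.255 any (55749 matches)
permit ip 206.27.138.0 0.0.1.255 any
permit ip 206.30.96.0 0.0.31.255 any (97851 matches)
permit ip 205.162.224.0 0.0.15.255 any (146920 matches)
permit ip 205.240.128.0 0.0.15.255 any (49146 matches)
permit ip 204.249.192.0 0.0.15.255 any (27351 matches)
permit ip 192.133.7.0 0.0.0.255 any (5 matches)
permit ip 63.136.128.0 0.0.3.255 any (379 matches)
permit ip 216.226.0.0 0.0.31.255 any (27173 matches)
permit ip 64.58.32.0 0.0.15.255 any (17368 matches)
permit ip 206.230.34.128 0.0.0.127 any
permit ip 209.54.40.0 0.0.1.255 any
permit ip 206.61.140.0 0.0.0.255 any (52 matches)
"""
INBOUND = """
deny udp any any eq 1434 (53534 matches)
permit ip any any (431556 matches)
"""
ENTRY = re.compile(r"^\s*(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")
SOURCE = re.compile(r"^ip (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) ")

def parse(text):
    """Return [(action, rule, hits)]; an entry printed without a counter has 0 hits."""
    found = (ENTRY.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2), int(m.group(3) or 0)) for m in found if m]

def source_prefix(rule):
    """Turn 'ip <addr> <wildcard> any' into CIDR; None for any other rule shape."""
    m = SOURCE.match(rule)
    # ipaddress accepts a contiguous wildcard (host mask) after the slash
    return str(IPv4Network(f"{m.group(1)}/{m.group(2)}")) if m else None

def deny_share(rows):
    """Fraction of all counted packets that hit a deny entry."""
    total = sum(hits for _, _, hits in rows)
    denied = sum(hits for action, _, hits in rows if action == "deny")
    return denied / total if total else 0.0

if __name__ == "__main__":
    for name, text in (("outbound", OUTBOUND), ("inbound", INBOUND)):
        print(f"{name}: {deny_share(parse(text)):.1%} of counted packets hit the deny")
    print([source_prefix(rule) for _, rule, _ in parse(OUTBOUND)][1:4])
```

On the counters as posted, roughly half of the counted outbound packets and about a tenth of the counted inbound packets matched the udp/1434 deny entry.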