Home page logo
/

nanog logo nanog mailing list archives

DDoS traffic
From: Matthew Sullivan <matthew () sorbs net>
Date: Fri, 22 Aug 2003 21:04:14 +1000


Hi All,

My appologies if this is against the group topic (and someone please let me know so I will not post again if I come to the same position)...

Is there a member of Comcast Abuse here...

For some time now a host has been attempting to DoS (as part of a larger DDoS) one of my machines. I have a reporting script that has now been running for at least 24 hours with no change in the traffic (even Kornet has clean up their reported hosts)...

Sample from a few minutes ago:
21:02:42.538809 24.98.155.201.4002 > 203.15.51.44.3995: udp 1015
21:02:42.640085 24.98.155.201.4002 > 203.15.51.44.3995: udp 1022
21:02:42.777978 24.98.155.201.4002 > 203.15.51.44.8864: udp 1019
21:02:42.854118 24.98.155.201.4002 > 203.15.51.44.12814: udp 1018
21:02:42.971654 24.98.155.201.4002 > 203.15.51.44.12814: udp 1019
21:02:43.082695 24.98.155.201.4002 > 203.15.51.44.31305: udp 1017
21:02:43.215009 24.98.155.201.4002 > 203.15.51.44.31305: udp 1019
21:02:43.307266 24.98.155.201.4002 > 203.15.51.44.25940: udp 1023
21:02:43.419239 24.98.155.201.4002 > 203.15.51.44.13263: udp 1022
21:02:43.503134 24.98.155.201.4002 > 203.15.51.44.13263: udp 1017
21:02:43.650252 24.98.155.201.4002 > 203.15.51.44.26162: udp 1018
21:02:43.711223 24.98.155.201.4002 > 203.15.51.44.25159: udp 1015
21:02:43.843544 24.98.155.201.4002 > 203.15.51.44.25159: udp 1017
21:02:43.964055 24.98.155.201.4002 > 203.15.51.44.4333: udp 1023
21:02:44.049052 24.98.155.201.4002 > 203.15.51.44.4333: udp 1020
21:02:44.180422 24.98.155.201.4002 > 203.15.51.44.28683: udp 1023

Thank you.


  By Date           By Thread  

Current thread:
  • DDoS traffic Matthew Sullivan (Aug 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]