ahh then you have one of the new wormy things that scans aggressively for easy accounts on ssh. find src host and disinfect.
Steve On Fri, 1 Oct 2004, Jack Vizelter wrote: > > Investigation is still ongoing, but from what they can tell, majority of > the attempted connections have been going over TCP port 22. > > -jack > > -----Original Message----- > From: Josh Duffek [mailto:[EMAIL PROTECTED] > Sent: Friday, October 01, 2004 11:05 AM > To: Jack Vizelter; [EMAIL PROTECTED] > Subject: RE: Internet Connectivity > > Did you run a sniffer to get an idea of what all the traffic is? > Curious what, if any, port(s) are being flooded. > > J > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Jack Vizelter > Sent: Friday, October 01, 2004 9:56 AM > To: [EMAIL PROTECTED] > Subject: Internet Connectivity > > > We had several machines start spewing huge amounts of data causing our > pipe to the public Internet to stop. We had no traffic coming in or out > of the campus. We're unsure of whether it's virus related, but wanted > to inquire if anyone else has heard of or came across something similar. > It appears to be an DDOS attack, but, originating from the inside. This > started last night at about 10pm EST. > > Thanks, > -jack >
