Howard Lowndes wrote:
> If anyone has noticed an ICMP type 0 DoS attack in the past day or so
> could they please contact me off list.
Nope...
> I suffered one for exactly 5 hours yesterday, specifically targetted at my
> publicly accessible server. It flatlined my link, unfortunately I wasn't
> in the office at the time so I didn't know about it until too late.
What I have noticed, is a high amount of port 21 netblock scans (20 to 30 per day)
(most likely for RedHat wu-ftpd) and port 12345 (Netbus, BO) scans (40 to 50 per day
over 2 subnets).
The last time I saw this many scans per day, a short while after they stopped, the
DDoS's on Yahoo and Ebay sprouted.
<conspiracy theory>
Makes one wonder if they are testing the water for an attack on us Aussies
</conspiracy theory>
I know there's been alot of talk on this list about scans and probes and when they
occured and stuff, so it's probably not a good idea to revisit it too much, but is
anyone else noticing a high amount of these scans across their own subnets?
Kind regards,
--
Troy Bell [EMAIL PROTECTED]
Systems Administrator +61 7 3620 1903
Asia Online (Brisbane) http://www.asiaonline.net/
Never argue with idiots - they'll bring you down to their
level and then beat you with experience.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
