On 25/02/2010, at 6:13 AM, Alex H. Ryu wrote:
>
> Today I jumped into one of our routers, and I found that 1.0.0.0/8 is
> announced from AS237, which is MERIT.
>
>
> Network Next Hop Metric LocPrf Weight Path
> *> 1.0.0.0/8 4.59.200.5 0 60 0 (6
On Tue, Feb 23, 2010 at 11:46 AM, Paul Stewart
wrote:
> The problem is that a user on this box appears to be launching high
> traffic DOS attacks from it towards other sites. These are UDP based
> floods that move around from time to time - most of these attacks only
> last a few minutes.
Do the
On 2/24/2010 2:21 PM, Jim Popovitch wrote:
> 2010/2/24 Alex H. Ryu :
>>
>> Today I jumped into one of our routers, and I found that 1.0.0.0/8 is
>> announced from AS237, which is MERIT.
>
> IIRC, there was an email/wiki/announcement last month about 1
On Wed, 2010-02-24 at 14:21 -0500, Jim Popovitch wrote:
> 2010/2/24 Alex H. Ryu :
> >
> > Today I jumped into one of our routers, and I found that 1.0.0.0/8 is
> > announced from AS237, which is MERIT.
>
> IIRC, there was an email/wiki/announcement last month about 1/8
> undergoing some testing so
2010/2/24 Alex H. Ryu :
>
> Today I jumped into one of our routers, and I found that 1.0.0.0/8 is
> announced from AS237, which is MERIT.
IIRC, there was an email/wiki/announcement last month about 1/8
undergoing some testing soon.
-Jim P.
I am seeing the same thing:
1.0.0.0/8 *[BGP/170] 3d 13:48:10, MED 0, localpref 100, from
206.223.138.126
AS path: 3549 7018 237 I
On Feb 24, 2010, at 2:13 PM, Alex H. Ryu wrote:
Today I jumped into one of our routers, and I found that 1.0.0.0/8 is
announced
Today I jumped into one of our routers, and I found that 1.0.0.0/8 is
announced from AS237, which is MERIT.
Network Next Hop Metric LocPrf Weight Path
*> 1.0.0.0/8 4.59.200.5 0 60 0 (65001
65105) 3356 7018 237 i
Is this supposed to be?
I though
On Tue, Feb 23, 2010 at 02:55:40PM -0600, Chris Adams wrote:
> Once upon a time, Matt Sprague said:
> > The user could also be running the command inline somehow or deleting
> > the file when they log off. Check who was logged onto the server at
> > the time of the attack to narrow down your sea
Thomas Kernen wrote:
On 2/21/10 7:41 PM, Joel M Snyder wrote:
We are migrating our web server from platform A to mutually incompatible
platform B and as a result the 7-year-old DCL script I wrote that does
Looking Glass for us needs to be replaced. (from my comments, looks like
I stole the idea
On Wed, Feb 24, 2010 at 8:21 AM, Rich Kulawiec wrote:
> On Sun, Feb 21, 2010 at 10:59:08PM -0600, James Hess wrote:
>> But if the origin domain has not provided SPF records, there are some
>> unusual cases left open, where a bounce to a potentially fake address
>> may still be required.
>
> Noth
On Sun, Feb 21, 2010 at 10:59:08PM -0600, James Hess wrote:
> But if the origin domain has not provided SPF records, there are some
> unusual cases left open, where a bounce to a potentially fake address
> may still be required.
Third time: SPF plays no role in mitigating this. Nothing stops an
On 2/23/2010 5:38 PM, Nathan Ward wrote:
Using lsof, netstat, ls, ps, looking through proc with ls, cat, etc. is likely
to not work if there's a rootkit on the box. The whole point of a rootkit is to
hide processes and files from these tools.
Get some statically linked versions of these bins o
The problem is that a user on this box appears to be launching high
traffic DOS attacks from it towards other sites. These are UDP based
floods that move around from time to time - most of these attacks only
last a few minutes.
Maybe it's not 'malicious' at all. For instance, is there a Bitt