Yes, I do have a lot more detail. It's all been reported to MIT per their procedure. Unfortunately it comes down to "whatever is happening is happening in the MIT network, we'll take it from here, have a nice day" (without a pause for breath, even).
Up to a large point I have sympathy for them - it's no damn fun finding a specific system on any campus, and MIT is bigger than anything I've seen, even Berkeley.

Mike-

On Tue, 5 Feb 2008 20:09:10 +0000 (GMT), you wrote:

>the inline snort station should show some more detail. do you have access to
>your routers and switches ?
>
>Regards,
>
>--
>--[ UxBoD ]--
>// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
>// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
>// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
>// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]
>
>----- "Michael W Cocke" <[EMAIL PROTECTED]> wrote:
>
>> I'll trade you - somewhere in MIT (20K+ computers) is hitting me twice
>> per second with ICMP packets, and netops can't find who....
>>
>> I had to degrade the logging on my snort-inline because the system was
>> drowning.
>>
>> Mike-
>>
>>
>> On Tue, 5 Feb 2008 13:58:30 -0500, you wrote:

--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,