nanog mailing list archives
Re: Tracing where it started
From: Pete Ashdown <pashdown () xmission com>
Date: Sat, 25 Jan 2003 14:14:49 -0700
It might be interesting if some people were to post when they received their first attack packet, and where it came from, if they happened to be logging. Here is the first packet we logged: Jan 25 00:29:37 EST 216.66.11.120
A quick followup to my previous message. I found an earlier attempt in the *:29 window on my home firewall. I don't know if this is due to Cisco logging lag or what. In any case, its interesting how relatively close it is to Phil's IP, but they are different networks. Again the time is in MDT: Jan 24 22:29:25 chariot kernel: fp=UDP-FORWARD:1 a=DROP IN=eth0 OUT=eth3 SRC=216.64.162.15 DST=166.70.201.243 LEN=404 TOS=0x00 PREC=0x00 TTL=111 ID=4917 PROTO=UDP SPT=2958 DPT=1434 LEN=384
Current thread:
- Re: mSQL Attack/Peering/OBGP/Optical exchange, (continued)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Jack Bates (Jan 31)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Stephen Stuart (Jan 31)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Iljitsch van Beijnum (Jan 31)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Jack Bates (Jan 31)
- Re: Tracing where it started Stephen Milton (Jan 26)
- Re: Tracing where it started Brian Coyle (Jan 25)
- Re: Tracing where it started Charles Sprickman (Jan 25)
- Re: Tracing where it started Brian Coyle (Jan 25)