Open Source and information security mailing list archives
Message-ID: <20030126185040.GA13819@whoi.edu>
From: kkrueger at outbox.whoi.edu (Karl A. Krueger)
Subject: 100 Worms per Second, Courtesy of Telstra

Pardon my delurk, but this is very strange worm behavior.  We are seeing
100 SQL Worms per second from a single IP address on Telstra.  This is
about 10k times the level of activity we are seeing from any other
address.

Anyone here either know anyone at Telstra who can shut this off, or
perhaps at least some explanation of why this worm instance would set
aside its usual randomish behavior and flood us like this?

This is 1/10th of a second of tcpdump, from outside our firewall:

13:34:01.154816 203.50.0.215.2184 > xxx.yyy.46.59.1434:  udp 376
13:34:01.160223 203.50.0.215.2184 > xxx.yyy.99.76.1434:  udp 376
13:34:01.170387 203.50.0.215.2184 > xxx.yyy.205.52.1434:  udp 376
13:34:01.179743 203.50.0.215.2184 > xxx.yyy.55.37.1434:  udp 376
13:34:01.184178 203.50.0.215.2184 > xxx.yyy.108.128.1434:  udp 376
13:34:01.198594 203.50.0.215.2184 > xxx.yyy.11.30.1434:  udp 376
13:34:01.203094 203.50.0.215.2184 > xxx.yyy.64.129.1434:  udp 376
13:34:01.207258 203.50.0.215.2184 > xxx.yyy.117.38.1434:  udp 376
13:34:01.221870 203.50.0.215.2184 > xxx.yyy.20.162.1434:  udp 376
13:34:01.245105 203.50.0.215.2184 > xxx.yyy.29.152.1434:  udp 376
13:34:01.250175 203.50.0.215.2184 > xxx.yyy.82.143.1434:  udp 376

-- 
Karl A. Krueger <kkrueger@...i.edu>
Network Security -- Linux/Unix Systems Support -- Etc.
Woods Hole Oceanographic Institution
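
Added example, not part of the original message: a per-source rate check over the tcpdump lines quoted above, using the classic tcpdump text format they are in. The function names and the 50 packets/second threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the tcpdump lines quoted in the message (destination prefix masked there).
SAMPLE = """\
13:34:01.154816 203.50.0.215.2184 > xxx.yyy.46.59.1434:  udp 376
13:34:01.160223 203.50.0.215.2184 > xxx.yyy.99.76.1434:  udp 376
13:34:01.170387 203.50.0.215.2184 > xxx.yyy.205.52.1434:  udp 376
13:34:01.179743 203.50.0.215.2184 > xxx.yyy.55.37.1434:  udp 376
13:34:01.184178 203.50.0.215.2184 > xxx.yyy.108.128.1434:  udp 376
13:34:01.198594 203.50.0.215.2184 > xxx.yyy.11.30.1434:  udp 376
13:34:01.203094 203.50.0.215.2184 > xxx.yyy.64.129.1434:  udp 376
13:34:01.207258 203.50.0.215.2184 > xxx.yyy.117.38.1434:  udp 376
13:34:01.221870 203.50.0.215.2184 > xxx.yyy.20.162.1434:  udp 376
13:34:01.245105 203.50.0.215.2184 > xxx.yyy.29.152.1434:  udp 376
13:34:01.250175 203.50.0.215.2184 > xxx.yyy.82.143.1434:  udp 376
"""

# Layout: time src.sport > dst.dport:  udp length
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{6}) (\S+)\.(\d+) > (\S+)\.(\d+):\s+udp (\d+)$")

def per_source_stats(text, dport=1434):
    """Return {src_ip: (packets, distinct_destinations, packets_per_second)}."""
    times, dsts = defaultdict(list), defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(5)) != dport:
            continue  # not a UDP packet to the port of interest
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        times[m.group(2)].append(ts)
        dsts[m.group(2)].add(m.group(4))
    stats = {}
    for src, seen in times.items():
        span = (max(seen) - min(seen)).total_seconds()
        # n packets cover n-1 inter-arrival gaps; a lone packet has no rate.
        rate = (len(seen) - 1) / span if span > 0 else 0.0
        stats[src] = (len(seen), len(dsts[src]), rate)
    return stats

def flag_flooders(stats, min_pps=50.0):
    """Sources at or above min_pps (assumed threshold, tune per site)."""
    return sorted(src for src, (_, _, pps) in stats.items() if pps >= min_pps)

if __name__ == "__main__":
    for src, (n, d, pps) in per_source_stats(SAMPLE).items():
        print(f"{src}: {n} pkts, {d} destinations, {pps:.1f} pkt/s")
```

Timestamps in this format carry no date, so a capture that crosses midnight needs to be split before it is fed in.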

