Message-ID: <20030126185040.GA13819@whoi.edu>
From: kkrueger at outbox.whoi.edu (Karl A. Krueger)
Subject: 100 Worms per Second, Courtesy of Telstra

Pardon my delurk, but this is very strange worm behavior.

We are seeing 100 SQL Worms per second from a single IP address on Telstra. This is about 10k times the level of activity we are seeing from any other address.

Anyone here either know anyone at Telstra who can shut this off, or perhaps at least some explanation of why this worm instance would set aside its usual randomish behavior and flood us like this?

This is 1/10th of a second of tcpdump, from outside our firewall:

13:34:01.154816 203.50.0.215.2184 > xxx.yyy.46.59.1434: udp 376
13:34:01.160223 203.50.0.215.2184 > xxx.yyy.99.76.1434: udp 376
13:34:01.170387 203.50.0.215.2184 > xxx.yyy.205.52.1434: udp 376
13:34:01.179743 203.50.0.215.2184 > xxx.yyy.55.37.1434: udp 376
13:34:01.184178 203.50.0.215.2184 > xxx.yyy.108.128.1434: udp 376
13:34:01.198594 203.50.0.215.2184 > xxx.yyy.11.30.1434: udp 376
13:34:01.203094 203.50.0.215.2184 > xxx.yyy.64.129.1434: udp 376
13:34:01.207258 203.50.0.215.2184 > xxx.yyy.117.38.1434: udp 376
13:34:01.221870 203.50.0.215.2184 > xxx.yyy.20.162.1434: udp 376
13:34:01.245105 203.50.0.215.2184 > xxx.yyy.29.152.1434: udp 376
13:34:01.250175 203.50.0.215.2184 > xxx.yyy.82.143.1434: udp 376

--
Karl A. Krueger <kkrueger@...i.edu>
Network Security -- Linux/Unix Systems Support -- Etc.
Woods Hole Oceanographic Institution
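An added example, not part of the original post: one way to measure the per-source rate described above from tcpdump text output in the same line format, and to pick out a source that is both fast and spread across many destinations. The sample lines are constructed with documentation addresses, and the thresholds `min_pps` and `min_dsts` are illustrative assumptions.

```python
import re
from collections import defaultdict

# Old-style tcpdump line, as in the post:
#   HH:MM:SS.ffffff src.sport > dst.dport: udp LEN
LINE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}\.\d+)\s+"
    r"(\S+)\.(\d+)\s+>\s+(\S+)\.(\d+):\s+udp\s+(\d+)$"
)

def per_source_stats(lines, dport=1434):
    """Return {src: (packets, distinct_dsts, packets_per_second)} for UDP to dport."""
    seen = defaultdict(lambda: {"ts": [], "dsts": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m or int(m.group(7)) != dport:
            continue  # unparseable, not UDP, or not the watched port
        h, mi, s = int(m.group(1)), int(m.group(2)), float(m.group(3))
        seen[m.group(4)]["ts"].append(h * 3600 + mi * 60 + s)
        seen[m.group(4)]["dsts"].add(m.group(6))
    stats = {}
    for src, d in seen.items():
        span = max(d["ts"]) - min(d["ts"])
        # Rate from inter-packet intervals; a single packet gives no rate.
        rate = (len(d["ts"]) - 1) / span if span > 0 else 0.0
        stats[src] = (len(d["ts"]), len(d["dsts"]), rate)
    return stats

def flooders(lines, min_pps=50.0, min_dsts=5):
    """Sources that exceed both the rate and the destination-spread threshold."""
    return sorted(src for src, (n, dsts, pps) in per_source_stats(lines).items()
                  if pps >= min_pps and dsts >= min_dsts)

# Constructed sample (RFC 5737 addresses), not the capture from the post:
# one source sending every 10 ms to ten hosts, one slow source, one non-1434 line.
SAMPLE = [f"13:34:01.{100000 + i * 10000:06d} 192.0.2.10.2184 > 198.51.100.{i + 1}.1434: udp 376"
          for i in range(10)]
SAMPLE += [
    "13:34:01.120000 203.0.113.7.4001 > 198.51.100.20.1434: udp 376",
    "13:34:01.620000 203.0.113.7.4001 > 198.51.100.21.1434: udp 376",
    "13:34:01.130000 192.0.2.10.2184 > 198.51.100.30.53: udp 40",
]

if __name__ == "__main__":
    for src, (n, dsts, pps) in sorted(per_source_stats(SAMPLE).items()):
        print(f"{src}: {n} packets, {dsts} destinations, {pps:.1f} pps")
    print("flagged:", flooders(SAMPLE))
```

The timestamps carry no date, so a capture that crosses midnight needs to be split before it is fed to `per_source_stats`.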