Message-ID: <4808B280.8000300@csuohio.edu>
Date: Fri, 18 Apr 2008 10:38:56 -0400
From: Michael Holstein <michael.holstein@...ohio.edu>
To: Ganbold <ganbold@...om.mng.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: lots of connections to 64.40.117.19 port 80
> Recently I have seen a lot of connections to 64.40.117.19 port 80 in
> one of our clients' networks.
>
could be a lot of things .. do you have tcpdump? .. a packet trace would
make your attempt at collective troubleshooting a *lot* easier .. but
DDOS is an easy "malicious" guess. Non-malicious ones could be something
like a blog/article on that box that just got featured on Digg/Slashdot/etc.
> Connections are coming from all over the Internet (various different
> IPs) specifically to this IP.
>
Yeah .. that's how the Internet works.
> What kind of problem could this be?
> Has anybody seen this kind of attack before?
>
Do you admin that box at 64.40.117.19? .. if it's a webserver, check the
logs .. what's being requested?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
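
An added example, not part of the original message: one way to answer "what's being requested?" from a web server access log, by counting distinct clients, the most requested paths and the referring sites. It assumes the Apache/nginx "combined" log format; the function name summarize and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Apache/nginx "combined" access-log format (assumed; adjust to your server).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines using documentation addresses, not data from the thread.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Apr/2008:10:01:02 -0400] "GET /blog/post-42 HTTP/1.1" 200 5120 "http://digg.com/tech/story" "Mozilla/5.0"
203.0.113.9 - - [18/Apr/2008:10:01:02 -0400] "GET /blog/post-42 HTTP/1.1" 200 5120 "http://digg.com/tech/story" "Opera/9.2"
192.0.2.55 - - [18/Apr/2008:10:01:03 -0400] "GET /blog/post-42 HTTP/1.1" 200 5120 "http://slashdot.org/" "Mozilla/4.0"
198.51.100.23 - - [18/Apr/2008:10:01:04 -0400] "GET /style.css HTTP/1.1" 200 900 "http://example.org/blog/post-42" "Mozilla/5.0"
203.0.113.77 - - [18/Apr/2008:10:01:05 -0400] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
not a log line
"""

def summarize(log_text, top=3):
    """Summarise who is asking for what, and which sites sent them."""
    ips, paths, referers = Counter(), Counter(), Counter()
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # count unparsable lines instead of hiding them
            continue
        ips[m["ip"]] += 1
        paths[m["path"]] += 1
        # "-" means no Referer header was sent; hostname is None in that case
        referers[urlparse(m["referer"]).hostname or "(none)"] += 1
    total = sum(paths.values())
    top_paths = paths.most_common(top)
    return {
        "requests": total,
        "skipped": skipped,
        "distinct_clients": len(ips),
        "top_paths": top_paths,
        "top_referers": referers.most_common(top),
        # share of all requests that hit the single most requested path
        "top_path_share": top_paths[0][1] / total if total else 0.0,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Many distinct clients converging on one page with the same external referrer is consistent with the Digg/Slashdot case mentioned above; the summary alone does not prove either explanation, so pair it with the packet trace.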