RE: Has Anyone seen this?From: Stewart John H SSSD (StewartJH@SUPSHIP.NAVY.MIL)
- Previous message: Renouf, Phillip: "RE: PWL files"
- Maybe in reply to: Seth Keller: "Has Anyone seen this?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <76B92C2FC548D311A2DA0008C791893403551384@sssdexch.sssd.navy.mil> From: Stewart John H SSSD <StewartJH@SUPSHIP.NAVY.MIL> To: "'Roberto Moncayo'" <email@example.com>, Seth Keller <firstname.lastname@example.org> Subject: RE: Has Anyone seen this? Date: Fri, 23 Nov 2001 10:37:35 -0800
They are streaming media sites serving up mostly audio files.
Information Systems Security Manager
(619) 726-1580 (Cell/Pager)
From: Roberto Moncayo [mailto:email@example.com]
Sent: Thursday, November 22, 2001 4:33 PM
To: Seth Keller
Subject: Re: Has Anyone seen this?
At the first, try using a Access List in your border router..... here is
some information about the IP
iBEAM Broadcasting Corporation (NETBLK-IBEAM)
645 Almanor Ave, Suite 100
Sunnyvale, CA 94086
Netblock: 22.214.171.124 - 126.96.36.199
Newton, Mike (MN179-ARIN) firstname.lastname@example.org
Domain System inverse mapping provided by:
ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Record last updated on 02-May-2001.
Database last updated on 21-Nov-2001 19:54:03 EDT.
----- Original Message -----
From: "Seth Keller" <email@example.com>
Sent: Wednesday, November 21, 2001 2:39 PM
Subject: Has Anyone seen this?
> I don't think my first post made it through, so here goes again. Our web
server has been completely bombarded for about four hours now by a specific
range of IP addresses. Our T1 line has been at 100% capacity during this
ordeal. We are receiving around 250 packets per second from a range of IPs
that I cannot completely trace.
> The range is 188.8.131.52 through 184.108.40.206. All packets appear
to be legit http requests for port 80. The requests cycle through from one
IP after the next and then the cycle starts over. I have tried using
http://www.network-tools.com to trace the numbers to no avail. I can only
get within the last five nodes before the trace times out.
> Does anyone have any ideas what this may be? I'm thinking maybe a new
worm or a DOS but I'm not sure yet. Thanks in advance.
> Seth Keller
> Culver Community Schools
> Intel Certified Integration Specialist 2000/2001