[squid-users] IRC - DDOS?

From: Wei Keong <chooweikeong@dont-contact.us>
Date: Tue, 13 May 2003 12:28:51 +0800 (Singapore Standard Time)

Hi,

We observes some kind of ddos lately. Initial investigation shows that a
few infected PCs will simultaneously generate a lot of TCP port 80 request
to a particular destination.

As we are running transparent proxy, this requests will consume a lot of
resources (especially open ports).

This is what we capture using ngrep in the squid box

T 192.x.x.x:23923 -> 192.x.x.x:80 [AP]
  USER Vortex 210.x.x.x 202.x.x.x :IRC Component..

Does anyone see the similar kind of attack? Any idea what kind of
backdoor/trojan is causing this?

Thanks,
Wei Keong
Received on Mon May 12 2003 - 22:22:50 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:36 MST