Hi,
We have observed some kind of DDoS lately. Initial investigation shows that a
few infected PCs will simultaneously generate a lot of TCP port 80 requests
to a particular destination.
As we are running a transparent proxy, these requests will consume a lot of
resources (especially open ports).
This is what we captured using ngrep on the squid box:
T 192.x.x.x:23923 -> 192.x.x.x:80 [AP]
USER Vortex 210.x.x.x 202.x.x.x :IRC Component..
Has anyone seen a similar kind of attack? Any idea what kind of
backdoor/trojan is causing this?
Thanks,
Wei Keong
Received on Mon May 12 2003 - 22:22:50 MDT
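
An added example, not part of the original post: one way to find which clients are sending IRC registration commands to port 80, by scanning ngrep output like the capture above. The function names and the sample capture (documentation addresses) are constructed for illustration.

```python
import re

# ngrep packet header, e.g. "T 192.0.2.10:23923 -> 198.51.100.7:80 [AP]"
HEADER = re.compile(r"^T (\S+):(\d+) -> (\S+):(\d+) \[[A-Z]+\]")
# First token of a client-to-server HTTP request line
HTTP_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
# IRC client registration commands (RFC 1459)
IRC_COMMANDS = {"USER", "NICK", "PASS"}

def classify(payload):
    """Classify the first payload line of a packet sent to port 80."""
    words = payload.split()
    if not words:
        return "empty"
    if words[0] in HTTP_METHODS:
        return "http"
    if words[0] in IRC_COMMANDS:
        return "irc"
    return "other"

def irc_on_port_80(ngrep_text):
    """Return {source_ip: count} of port-80 packets carrying IRC registration."""
    hits = {}
    src = None
    for line in ngrep_text.splitlines():
        m = HEADER.match(line)
        if m:
            # Track only packets whose destination port is 80
            src = m.group(1) if m.group(4) == "80" else None
            continue
        if src and line.strip():
            if classify(line.strip()) == "irc":
                hits[src] = hits.get(src, 0) + 1
            src = None  # inspect only the first payload line after a header
    return hits

# Constructed sample capture; ngrep prints CR/LF as ".."
SAMPLE = """\
T 192.0.2.10:23923 -> 198.51.100.7:80 [AP]
  USER Vortex 203.0.113.1 203.0.113.2 :IRC Component..
T 192.0.2.11:40112 -> 198.51.100.7:80 [AP]
  GET /index.html HTTP/1.1..Host: example.test....
T 192.0.2.10:23924 -> 198.51.100.7:80 [AP]
  NICK abc123..
T 192.0.2.12:51000 -> 198.51.100.7:6667 [AP]
  USER x y z :w..
"""

if __name__ == "__main__":
    for ip, n in sorted(irc_on_port_80(SAMPLE).items()):
        print(f"{ip}: {n} IRC registration packet(s) sent to port 80")
```

The per-source counts identify which internal hosts to isolate and inspect; traffic to other ports, such as the 6667 entry in the sample, is ignored.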