Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80
- To: Ganbold <ganbold@xxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80
- From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
- Date: Fri, 18 Apr 2008 10:38:56 -0400
> Recently I have seen a lot of connections to 64.40.117.19 port 80 in
> one of our clients' networks.
>
could be a lot of things .. do you have tcpdump? .. a packet trace would
make your attempt at collective troubleshooting a *lot* easier .. but
DDOS is an easy "malicious" guess. Non-malicious ones could be something
like a blog/article on that box that just got featured on Digg/Slashdot/etc.
> Connections are coming from all over the Internet (various different
> IPs) specifically to this IP.
>
Yeah .. that's how the Internet works.
> What kind of problem could this be?
> Has anybody seen this kind of attack before?
>
Do you admin that box at 64.40.117.19? .. if it's a webserver, check the
logs .. what's being requested?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
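
One way to answer the reply's "what's being requested?" from a web server access log, as an added example that is not part of the original message. It assumes the Apache/NGINX "combined" log format; the `summarize` helper, the sample lines, their addresses and hostnames are all constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# "combined" access log format (assumption; adjust to the server's real format).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def summarize(lines, top=3):
    """Summarize who is asking for what: top paths, referring sites, agents."""
    paths, referers, agents, clients = Counter(), Counter(), Counter(), set()
    skipped = 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            skipped += 1  # unparseable lines are counted, not silently dropped
            continue
        clients.add(m["ip"])
        paths[m["path"]] += 1
        agents[m["agent"]] += 1
        # Reduce the referer to its host; "-" or empty means none was sent.
        referers[urlparse(m["referer"]).hostname or "-"] += 1
    return {
        "requests": sum(paths.values()),
        "clients": len(clients),
        "skipped": skipped,
        "top_paths": paths.most_common(top),
        "top_referers": referers.most_common(top),
        "top_agents": agents.most_common(top),
    }

# Constructed sample: documentation-range IPs, made-up article and news site.
SAMPLE = [
    '198.51.100.7 - - [18/Apr/2008:10:01:02 -0400] "GET /blog/post-42 HTTP/1.1" '
    '200 5120 "http://news.example/story/9" "Mozilla/5.0"',
    '203.0.113.20 - - [18/Apr/2008:10:01:03 -0400] "GET /blog/post-42 HTTP/1.1" '
    '200 5120 "http://news.example/story/9" "Opera/9.2"',
    '192.0.2.55 - - [18/Apr/2008:10:01:03 -0400] "GET /style.css HTTP/1.1" '
    '200 900 "http://www.example.org/blog/post-42" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Apr/2008:10:01:04 -0400] "GET / HTTP/1.0" 200 300 "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

One article path dominating with an external site as the top referrer fits the "got featured somewhere" explanation; many clients requesting the same URL with no referrer and identical user agents is the pattern worth a closer look in a packet trace.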