<html>
<font size=3><br>
do you have any information on source addresses, or if the traffic was
valid media data?<br><br>
</font>--bob<br><br>
<br>
<font size=3>At 06:55 PM 1/23/2002 -0600, Michael Grobe
<grobe@raven.cc.ku.edu> wrote:<br>
<blockquote type=cite class=cite cite>to follow up on jeff's note....our
network guys have now characterized <br>
the high-traffic event experienced on jan 23, 2002 as:<br><br>
"...a large burst of traffic seemed to
occur every half hour <br>
from the times we were monitoring from 2:00 -
5:00 (CST)."<br><br>
and they have linked the event to a number of remote AG systems which
<br>
were probably in the Lobby....and, possibly, to some non AG
systems.<br>
investigation continues. <br><br>
:michael grobe<br>
university of kansas<br>
<br>
> Did anyone else happen to notice what would look like a huge DoS
attack<br>
> between about 4:30 and 5:00 PM U.S. CST today (Jan. 23)? Our
campus was<br>
> suffering from huge problems with internet connectivity and one of
our<br>
> network folks saw something in a router that made him think it
might<br>
> have something to do with AG as the address was one of the
multicast<br>
> addresses for the Lobby. When we shut down our AG node(s) the
problem<br>
> suddenly disappeared. Now we'd like to try and find out if it
was pure<br>
> coincidence or if it was somehow AG related. Our network guy said
the<br>
> traffic looked like huge (30KB?) UDP packets. So did anyone
else notice<br>
> problems during this timeframe?<br>
> <br>
> Jeff Long<br>
> University of Kansas<br>
> </font></blockquote></html>