[AG-TECH] AG DoS?
Michael Grobe
grobe at raven.cc.ku.edu
Thu Jan 24 11:17:24 CST 2002
bob:
>
> do you have any information on source addresses, or if the traffic was
> valid media data?
our networking group reported:
Hosts connecting to 224.2.177.155
January 23rd, 2001 13:56 - 17:21
:michael
>
> At 06:55 PM 1/23/2002 -0600, Michael Grobe <grobe at raven.cc.ku.edu> wrote:
> >to follow up on jeff's note....our network guys have now characterized
> >the high-traffic event experienced on jan 23, 2002 as:
> >
> > "...a large burst of traffic seemed to occur every half hour
> > from the times we were monitoring from 2:00 - 5:00 (CST)."
> >
> >and they have linked the event to a number of remote AG systems which
> >were probably in the Lobby....and, possibly, to some non AG systems.
> >investigation continues.
> >
> >:michael grobe
> >university of kansas
> >
> > > Did anyone else happen to notice what would look like a huge DoS attack
> > > between about 4:30 and 5:00 PM U.S. CST today (Jan. 23)? Our campus was
> > > suffering from huge problems with internet connectivity and one of our
> > > network folks saw something in a router that made him think it might
> > > have something to do with AG as the address was one of the multicast
> > > addresses for the Lobby. When we shut down our AG node(s) the problem
> > > suddenly disappeared. Now we'd like to try and find out if it was pure
> > > coincidence or if it was somehow AG related. Our network guy said the
> > > traffic looked like huge (30KB?) UDP packets. So did anyone else notice
> > > problems during this timeframe?
> > >
> > > Jeff Long
> > > University of Kansas
> > >
>