Attack Against Port 6881?
Andrew Smith
andrew at coolchilli.com
Wed Feb 5 09:39:45 EST 2003
> Interesting to note that they kept trying to connect at 4 second
> intervals, nonstop for 4 days, and Telstra just let the packets on
> through (don't they know how to recognise a DDoS yet?).
>
> > They can't try telling me it was 6Gb worth of traffic either - there was
> > no traffic, just SYN packets. There was no data exchanged. Well...
> > they'll probably try telling me that it was traffic, but there's no
> > indication from my end that Telstra wasn't just flooding my link with
> > bogus SYN packets to boost their income for the month.
> >
>
> SYN packets _are_ traffic - 40 bytes per packet.
Alex, 40bytes/packet * 15 per minute * 60 per hour * 24 hours * 4 days = 3.4
Million bytes (base 10) per errant host.
At that rate it would take quite a lot of hosts to get to 6GB. Are you sure
there was no legit traffic which would cause it?
Andrew
More information about the linux
mailing list