[BlueOnyx:12635] Re: You may have been a unwitting part of this:
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Fri Mar 29 05:25:41 -05 2013
On 3/28/2013 8:39 AM, George F. Nemeyer wrote:
> It's a good time to keep an eye on your networks for unusual traffic.
Yeah, no kidding. We took a look at the end of last week after noticing
that our outbound peer traffic was around 150Mbps more than what it
typically hovers at. Traffic of course has its peaks and valleys but we
were seeing a good 150Mbps increase over the prior days with no good
explanation.
> Just watching the ethernet light if you can physically see your machines
> or switches/routers can help spot a machine being exploited, as it will be
> on nearly constantly.
Yes, or in our case, we do employ extensive historical graphing across
all network assets. We spotted a couple of drops to customer equipment
that looked especially out of place in terms of the amount of traffic
they typically use. In one case, a customer that for 6 years had been
running consistently under 1Mbps at 95th percentile was suddenly fully
saturating a 100Mbps drop for almost 2 days. We reached out to them and
asked them to close up their recursive DNS hole. The traffic dropped
back to normal levels.
After finding the really obvious ones, we started looking across the
entire network and testing for open nameservers and have proactively
contacted customers whether they are being exploited (yet) or not.
--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
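
The open-nameserver test mentioned in the message above comes down to sending a recursive query for a name the server does not host and reading the reply header. The sketch below is an added example, not part of the original post or of BlueOnyx; the function names, the query id and the sample replies are constructed for illustration, and `probe()` assumes you run it from outside your network against nameservers you operate.

```python
import socket
import struct

QID = 0x4242  # constructed query id

def build_query(name, qid=QID):
    """A-record query with RD (recursion desired) set, as a resolver client sends."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, qid=QID):
    """Interpret the 12-byte DNS header of a reply to build_query()."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if rid != qid or not flags & 0x8000:   # wrong id, or QR bit says "query"
        return "malformed"
    rcode, ra, aa = flags & 0x000F, flags & 0x0080, flags & 0x0400
    if rcode == 5:
        return "refused"                    # recursion denied to this client
    if ra and not aa and rcode == 0 and ancount > 0:
        return "open-recursive"             # resolved a foreign name for an outsider
    if aa:
        return "authoritative"              # test name is hosted here: pick another
    return "no-answer"                      # referral, empty answer or error

def probe(server_ip, name, timeout=3.0):
    """Send one query over UDP to a nameserver you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server_ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError:                     # includes timeouts
            return "no-response"
    return classify(data)

def header(flags, ancount, qid=QID):
    """Constructed reply header for the offline samples below."""
    return struct.pack("!6H", qid, flags, 1, ancount, 0, 0)

SAMPLES = {  # constructed replies, not captured traffic
    "open-recursive": header(0x8180, 1),    # QR RD RA, NOERROR, one answer
    "refused":        header(0x8105, 0),    # QR RD, RCODE=5
    "authoritative":  header(0x8500, 1),    # QR AA RD, no RA
    "no-answer":      header(0x8100, 0),    # QR RD, empty NOERROR (referral)
}
```

Only the "open-recursive" result means the server answered a recursive lookup for an outside client; "refused", "no-answer" and "no-response" are what a closed server returns.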