[BlueOnyx:12631] Re: You may have been a unwitting part of this:
George F. Nemeyer
tigerwolf at tigerden.com
Thu Mar 28 08:39:47 -05 2013
On Thu, 28 Mar 2013, Wayne Michael wrote:
> > From: "George F. Nemeyer" <tigerwolf at tigerden.com>
> >
> > You may have been a unwitting part of this:
> >
> > http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho
> >
>
> Indeed I was did have this incorrectly configured. Thanks for sharing!
For those that may not be in the US, the Spamhaus DDoS attack has been in
*all* the major TV network newscasts in the last day. It's also been in
various worldwide sites like BBC.
The attack seems to be worsening, and, unable to successfully bring down
SpamHaus DNS lookups, is going after larger infrastructure which is
causing worldwide slowing of the net.
It's good time to keep an eye on your networks for unusual traffic.
Just watching the ethernet light if you can physically see your machines
or switches/routers can help spot a machine being exploited, as it will be
on nearly constantly.
Other good tools are iptraf and iftop. Those will help you spot TCP and
ICP traffic by port and see where it's going. I find iftop to be
invaluable for getting a feel of what 'normal' should look like.
=^_^= Tigerwolf
More information about the Blueonyx
mailing list