Attack!?!

[Ed Greshko]

David L. Gehrt wrote:
> Actually  the question mark is fraudulent.  My gateway/firewall machine
> has been under what appears to be a DDOS attack.  A persistent,
> continuous attack from several system directed at UDP port 16252.  It
> appears to be related to a CISCO RTR/SAA attack.
> 
> What I am interested in knowing if anyone else has experienced a
> similar attack?  The only thing   I can think may have triggered this
> was a report to a net administrator that his system might have been
> compromised. A few hours later this seeming  attack started.

Let me get this straight.....

First, you were not being attacked.  Then, for some reason, you reported a 
possible compromise to a network administrator.  After that you started 
detecting what you feel are DOS attacks from the network of the network 
admin that you emailed to about the potential compromise.

Is that a valid summary?

> No good deed goes unpunished. Before I retired I did some security work
> for an employer.  You would think I would've learned about sending email
> alerts  to admins of compromised systems.   Retire and a few years later
> you finds yourself violating the best practices.  I will call the guy
> tomorrow.
> 
> Feeling stupid.

If my summary is correct, then maybe the only "stupid" one is the net admin 
that you contacted.  He may be testing what he thinks you've reported and in 
fact has no idea what you've told him.