Attack!?!
Ed Greshko
Ed.Greshko at greshko.com
Mon Jan 7 05:39:56 UTC 2008
David L. Gehrt wrote:
> Actually the question mark is fraudulent. My gateway/firewall machine
> has been under what appears to be a DDOS attack. A persistent,
> continuous attack from several system directed at UDP port 16252. It
> appears to be related to a CISCO RTR/SAA attack.
>
> What I am interested in knowing if anyone else has experienced a
> similar attack? The only thing I can think may have triggered this
> was a report to a net administrator that his system might have been
> compromised. A few hours later this seeming attack started.
Let me get this straight.....
First, you were not being attacked. Then, for some reason, you reported a
possible compromise to a network administrator. After that you started
detecting what you feel are DOS attacks from the network of the network
admin that you emailed to about the potential compromise.
Is that a valid summary?
> No good deed goes unpunished. Before I retired I did some security work
> for an employer. You would think I would've learned about sending email
> alerts to admins of compromised systems. Retire and a few years later
> you finds yourself violating the best practices. I will call the guy
> tomorrow.
>
> Feeling stupid.
If my summary is correct, then maybe the only "stupid" one is the net admin
that you contacted. He may be testing what he thinks you've reported and in
fact has no idea what you've told him.
More information about the fedora-list
mailing list