[Full-disclosure] lots of connections to 64.40.117.19 port 80
Michael Holstein
michael.holstein at csuohio.edu
Fri Apr 18 15:38:56 BST 2008

> Recently I have seen a lot of connections to 64.40.117.19 port 80 in
> one of our clients' networks.

could be a lot of things .. do you have tcpdump? .. a packet trace would
make your attempt at collective troubleshooting a *lot* easier .. but
DDOS is an easy "malicious" guess. Non-malicious ones could be something
like a blog/article on that box that just got featured on Digg/Slashdot/etc.

> Connections are coming from all over the Internet (various different
> IPs) specifically to this IP.

Yeah .. that's how the Internet works.

> What kind of problem could this be?
> Has anybody seen this kind of attack before?

Do you admin that box at 64.40.117.19? .. if it's a webserver, check the
logs .. what's being requested?
Full-Disclosure is hosted and sponsored by Secunia.
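
One way to act on the "check the logs" advice in the reply above, as an added example that is not part of the original message: a short Python triage that tallies source IPs, requested paths and referring hosts from combined-format access-log lines, to separate a referral surge from a pile of direct hits. The sample lines, host names and the 50% threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Apache/nginx "combined" access-log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

def summarize(lines):
    """Count source IPs, requested paths and referring hosts."""
    ips, paths, refs = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing
        ips[m["ip"]] += 1
        paths[m["path"]] += 1
        # "-" or an empty referer has no hostname; bucket both as "-"
        refs[urlparse(m["referer"]).hostname or "-"] += 1
    return ips, paths, refs

def triage(lines, share=0.5):
    """Rough first guess; the 50% share threshold is an assumption."""
    ips, paths, refs = summarize(lines)
    total = sum(ips.values())
    if total == 0:
        return "no parsable requests"
    ref_host, ref_hits = refs.most_common(1)[0]
    path, path_hits = paths.most_common(1)[0]
    if ref_host != "-" and ref_hits / total >= share:
        return f"referral surge from {ref_host} to {path}"
    if ref_host == "-" and path_hits / total >= share:
        return f"many direct hits on {path}: check rate per IP and packet trace"
    return "mixed traffic: inconclusive"

# Constructed sample lines (documentation address ranges, not real traffic).
FLASH = [
    f'203.0.113.{i} - - [18/Apr/2008:15:00:0{i} +0100] "GET /article HTTP/1.1" '
    f'200 5120 "http://news.example/item/1" "Mozilla/5.0"' for i in range(1, 7)]
FLOOD = [
    f'198.51.100.{i} - - [18/Apr/2008:15:00:0{i} +0100] "GET / HTTP/1.0" '
    f'200 512 "-" "-"' for i in range(1, 7)]

if __name__ == "__main__":
    print(triage(FLASH))
    print(triage(FLOOD))
```

The result is only a first sort of the traffic; a packet trace is still needed when the box is not a web server or the logs are unavailable.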