AO for a DoS attack?

[grim_reaper1]

Wonder if anyone else noticed, someone tried to use AO for a DoS attack at 2:51pm today.

[MrLinus]

Wonder if anyone else noticed, someone tried to use AO for a DoS attack at 2:51pm today.

Uh... proof or logs to validate this?

Moved to a seperate thread in Misc Security.

[grim_reaper1]

Yes, I do have the logs, I can forward them to you also, they have already been sent to Qwest. Just tell me where to send it.

[MrLinus]

Just so for the information of others...

1) I have sent this to the appropriate admins here at Jupitermedia, our parent company to deal with.

2) After review the logs (or rather log as it seems to be a single culmulative log -- general OS IDSes tend not to be too descriptive) it is apparent that this is likely Slammer activity and.. it's quite likely not AO itself. Jupitermedia has a large block of IPs. After tracerouting both the IP you gave me and http://www.antionline.com itself, I noticed that the IPs were in vastly different subnets.

This however doesn't mean that someone didn't pull a "stupid" and double click on something. As I get more details that I can release I will let you know.

And in the future, if you or others have experienced suspected DoS or other "attacks" by AO, please do not hesitate to contact me first or any other moderator. We'd be more than glad to help to resolve the issue.

[grim_reaper1]

Just trying to help where I can.

[Cybr1d]

I noticed it too...lol it happened right in front of me. One second everything is running smoothly...then the next, everything started going extreeeeeeemely slow.

Thnx Grim. Would it be possible for me to get a copy of those logs? I'm getting into Computer FOrensics, and I'd like to see cases whenever I can.

Cheers,