David L. Gehrt wrote:
Actually the question mark is fraudulent. My gateway/firewall machine
has been under what appears to be a DDOS attack. A persistent,
continuous attack from several system directed at UDP port 16252. It
appears to be related to a CISCO RTR/SAA attack.
What I am interested in knowing if anyone else has experienced a
similar attack? The only thing I can think may have triggered this
was a report to a net administrator that his system might have been
compromised. A few hours later this seeming attack started.
Let me get this straight.....
First, you were not being attacked. Then, for some reason, you reported a
possible compromise to a network administrator. After that you started
detecting what you feel are DOS attacks from the network of the network
admin that you emailed to about the potential compromise.
Is that a valid summary?
No good deed goes unpunished. Before I retired I did some security work
for an employer. You would think I would've learned about sending email
alerts to admins of compromised systems. Retire and a few years later
you finds yourself violating the best practices. I will call the guy
tomorrow.
Feeling stupid.
If my summary is correct, then maybe the only "stupid" one is the net admin
that you contacted. He may be testing what he thinks you've reported and in
fact has no idea what you've told him.
