Closed
Bug 1263604
Opened 8 years ago
Closed 8 years ago
Traffic anomaly wanguard alerts for mtv2/sfo1 pbx hosts
Categories
(Infrastructure & Operations Graveyard :: NetOps, task)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: pir, Assigned: dcurado)
Details
1) Incident #28992
Opened on: Apr 11 at 2:41 PM BST
Service: Wanguard (Traffic anomalies (DDoS, high usage, etc..) and netflow collector)
Description: Traffic anomaly detected to pbx1.p2p.sfo1.mozilla.com (External SFO1) (Thresholds Offices DDoS)
Link: https://mozilla.pagerduty.com/i/28992
Escalation Policy: MOC
Details:
  direction_to_from: to
  ip: 63.245.219.52
  decoder: TCP+SYN
  duration: 140
  total_pps: 856
  total_bps: 411006
  severity: 3.2400
  ip_group: External SFO1
  ip_dns: pbx1.p2p.sfo1.mozilla.com
  template: Thresholds Offices DDoS
  anomaly: TCP+SYN pkts/s > 25
  sensor: border1.sjc2 [Core_ border1.pao1_xe-1_2_0 {Abovenet W03180-00}]

2) Incident #28993
Opened on: Apr 11 at 2:41 PM BST
Service: Wanguard (Traffic anomalies (DDoS, high usage, etc..) and netflow collector)
Description: Traffic anomaly detected to pbx1.p2p.sfo1.mozilla.com (External SFO1) (Thresholds Offices DDoS)
Link: https://mozilla.pagerduty.com/i/28993
Escalation Policy: MOC
Details:
  direction_to_from: to
  ip: 63.245.219.52
  decoder: TCP+SYN
  duration: 140
  total_pps: 856
  total_bps: 411006
  severity: 3.2400
  ip_group: External SFO1
  ip_dns: pbx1.p2p.sfo1.mozilla.com
  template: Thresholds Offices DDoS
  anomaly: TCP+SYN pkts/s > 25
  sensor: border1.sjc2 [Transit_ Telia (AS 1299) {IC 155747}]

3) Incident #28994
Opened on: Apr 11 at 2:41 PM BST
Service: Wanguard (Traffic anomalies (DDoS, high usage, etc..) and netflow collector)
Description: Traffic anomaly detected to pbx.mtv2.mozilla.com (External MTV2) (Thresholds Offices DDoS)
Link: https://mozilla.pagerduty.com/i/28994
Escalation Policy: MOC
Details:
  direction_to_from: to
  ip: 63.245.221.35
  decoder: TCP+SYN
  duration: 140
  total_pps: 442
  total_bps: 212388
  severity: 1.7200
  ip_group: External MTV2
  ip_dns: pbx.mtv2.mozilla.com
  template: Thresholds Offices DDoS
  anomaly: TCP+SYN pkts/s > 25
  sensor: border1.sjc2 [Transit_ Telia (AS 1299) {IC 155747}]
Comment 1 • 8 years ago (Reporter)
Resolved by: API at Apr 11 at 2:49 PM BST
Comment 2 • 8 years ago (Reporter)
1) Incident #28995
Opened on: Apr 11 at 3:05 PM BST
Service: Wanguard (Traffic anomalies (DDoS, high usage, etc..) and netflow collector)
Description: Traffic anomaly detected to pbx1.p2p.sfo1.mozilla.com (External SFO1) (Thresholds Offices DDoS)
Link: https://mozilla.pagerduty.com/i/28995
Escalation Policy: MOC
Details:
  direction_to_from: to
  ip: 63.245.219.52
  decoder: TCP+SYN
  duration: 140
  total_pps: 797
  total_bps: 382743
  severity: 2.9600
  ip_group: External SFO1
  ip_dns: pbx1.p2p.sfo1.mozilla.com
  template: Thresholds Offices DDoS
  anomaly: TCP+SYN pkts/s > 25
  sensor: border1.sjc2 [Core_ border1.pao1_xe-1_2_0 {Abovenet W03180-00}]

2) Incident #28996
Opened on: Apr 11 at 3:05 PM BST
Service: Wanguard (Traffic anomalies (DDoS, high usage, etc..) and netflow collector)
Description: Traffic anomaly detected to pbx.mtv2.mozilla.com (External MTV2) (Thresholds Offices DDoS)
Link: https://mozilla.pagerduty.com/i/28996
Escalation Policy: MOC
Details:
  direction_to_from: to
  ip: 63.245.221.35
  decoder: TCP+SYN
  duration: 140
  total_pps: 382
  total_bps: 183360
  severity: 1.4800
  ip_group: External MTV2
  ip_dns: pbx.mtv2.mozilla.com
  template: Thresholds Offices DDoS
  anomaly: TCP+SYN pkts/s > 25
  sensor: border1.sjc2 [Transit_ Telia (AS 1299) {IC 155747}]

3) Incident #28997
Opened on: Apr 11 at 3:05 PM BST
Service: Wanguard (Traffic anomalies (DDoS, high usage, etc..) and netflow collector)
Description: Traffic anomaly detected to pbx1.p2p.sfo1.mozilla.com (External SFO1) (Thresholds Offices DDoS)
Link: https://mozilla.pagerduty.com/i/28997
Escalation Policy: MOC
Details:
  direction_to_from: to
  ip: 63.245.219.52
  decoder: TCP+SYN
  duration: 140
  total_pps: 797
  total_bps: 382743
  severity: 2.9600
  ip_group: External SFO1
  ip_dns: pbx1.p2p.sfo1.mozilla.com
  template: Thresholds Offices DDoS
  anomaly: TCP+SYN pkts/s > 25
  sensor: border1.sjc2 [Transit_ Telia (AS 1299) {IC 155747}]
Comment 3 • 8 years ago (Assignee)
Thank you for opening this bug. Looks like a very brief syn flood -- not sure if "flood" is all that accurate. Not going to take any action on this at this time. If it repeats, it warrants a closer look. Thanks again.
Assignee: network-operations → dcurado
Status: NEW → ASSIGNED
Updated • 8 years ago (Assignee)
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Updated • 2 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard