The outage the evening of 3/15/2000 was caused by a denial of service attack aimed at eskimo and mx1. The volume of this attack was the worst I've ever seen, it absolutely completely saturated both T1's, to the point where the data lights on the DSU/CSU's were blinking, and I've never seen it that bad. I do not know the form of the attack, it could have been ICMP, UDP, or SYN flood since the machines attacked were by way of the services they provide, vunerable to all three types of attacks. Usually attacks target IRC related systems so this was unusual. It looked like a SYN flood because it exhaused eskimo's mbuf's, something that can be done with a high volume SYN flood, and it caused mx1 to lock-up with no error at all. The fact that the severity was such that it rendered both machines inoperable made it difficult to determine the type of attack. The attack itself lasted about fifteen minutes but we had to reboot servers because of it and Eskimo didn't run right after initially booted. One file system on mx1 was corrupted and it took some time to clean that up. The volume of packets leads me to think this was probably one of the distributed denial of service attacks of the same genré as those which were launched against Yahoo, E-Bay, and other similar sites.