[nsp-sec-jp] 1000 Drone attack, check for your ips here!

2007年 11月 26日 (月) 09:52:32 EST

KVH(AS10021)$B$NB<1[$G$9!#(B

NOC$BJ}LL$KBP1~;X<($r=P$7$^$7$?!#(B
$B>pJs$r$"$j$,$H$&$4$6$$$^$7$?!#(B
-- 
Shuhei Murakoshi <murakoshis at kvh.co.jp>
KVH Co., Ltd. (AS10021)

On Mon, 26 Nov 2007 22:13:47 +0900
Taka Mizuguchi <taka at ntt.net> wrote:

> NSP-SEC-JP$B3F0L!"(B
> 
> $B$A$g$C$H!"(BNSP-SEC$B$rDI$$$-$l$F5o$^$;$s$G$7$?!D(B
> 
> $B0J2<$N%[%9%H$,(BVirus/Worm$B$K46 at w$7$F$$$k$H;W$o$l$^$9!#(B
> 
> 10021   | 210.233.197.212  | KVH KVH Co.,Ltd
> 
> 
> $BBg5,LO$J(BDDoS$B%"%?%C%/$,H/@8$7$F$*$j!"(Bblackholing$B$7$F$$$k$=$&$G$9!#(B
> Filter$B$r$9$kI,MW$O$J$$$H8@$C$F$$$^$9$,!"46 at w$7$F$$$k$H;W$o$l$^$9!#(B
> 
> $B%"%?%C%+!<$O!"(Bport80$BHV$K(BTCP-3 way$B%O%s%I%7%'%$%/$r9T$C$F%"%/%;%9$K(B
> $B$-$^$9!#$=$7$F!"@5$7$$(B HTTP2 request$B%Q%1%C%H$rAw$j%U%!%$%k$r%@%&%s(B
> $B%m!<%I$7$h$&$H$9$k$h$&$G$9!#$=$l$K$h$j!"?t(BGbps$B$N%H%i%U%#%C%/$,H/@8(B
> $B$9$k62$m$7$$(Bbotnet$B$@$H$$$&$3$H$G$9!#(B
> 
> $B3NG'$r8f4j$$$7$^$9!#(B
> 
> 
> Forwarded by Taka Mizuguchi <taka at ntt.net>
> ----------- nsp-security Confidential --------
> 
> Hello all,
> 
> As usual when we get large DoS attacks, we are able to filter/absorb  
> internally just fine, so please do not filter this attack on your  
> networks, we don't want to be partially blackholed.
> 
> This list is provided so you can look on your networks to find hosts  
> infected with drones.
> 
> These attackers were completing full TCP 3-way handshakes to port 80,  
> and sending valid HTTP requests to download files, using up thousands  
> of sockets and about several Gbps of bandwidth, so a fairly scary  
> botnet.
> 
> Hopefully someone with one of these drones on their network can look  
> for the control node...
> 
> Cheers and Happy Thanksgiving,
> 
> 
> The full list of attackers is:
> AS      | IP               | AS Name
> 10021   | 210.233.197.212  | KVH KVH Co.,Ltd
> 
> 
> 
> -----
> Taka Mizuguchi
> taka at ntt.net
> 

****************************************************************
"PLEASE NOTE:  This email,  and  any  attachments  hereto,  are
intended only  for use  by the specified addressee(s)  and  may
contain legally privileged and/or confidential and/or proprietary
information of KVH Co., Ltd.  and/or its affiliates  (including
personal information).  If you are not the intended recipient of
this email, please immediately notify the sender by email,  and
please permanently  delete the original,  any print out and any
copies of the foregoing. "
****************************************************************