[nsp-sec-jp] 1000 Drone attack, check for your ips here!

2007年 11月 26日 (月) 11:20:36 EST

KVH$B!!B<1[$5$^(B

$B8DJL%a!<%k$G$b%l%9$5$;$FD:$-$^$7$?$,!"AaB.$NBP1~$"$j$,$H$&$4$6$$$^$9!#(B
$BA0$N%a!<%k$O!"5U$G$7$?!#(B

$B%"%?%C%/@h$G!"(BFiltering$B$d5[<}$7$F$$$k$N$G!"ItJ,E*$J(BBlackhole$B$OITMW(B
$B$H8@$k$N$G!"6[5^@-$O!"Dc$$$H;W$$$^$9!#(B

$B$h$m$7$/$*4j$$CW$7$^$9!#(B


On Mon, 26 Nov 2007 23:52:32 +0900
Shuhei Murakoshi <murakoshis ＠ kvh.co.jp> wrote:

> 
> KVH(AS10021)$B$NB<1[$G$9!#(B
> 
> NOC$BJ}LL$KBP1~;X<($r=P$7$^$7$?!#(B
> $B>pJs$r$"$j$,$H$&$4$6$$$^$7$?!#(B
> -- 
> Shuhei Murakoshi <murakoshis ＠ kvh.co.jp>
> KVH Co., Ltd. (AS10021)
> 
> 
> On Mon, 26 Nov 2007 22:13:47 +0900
> Taka Mizuguchi <taka ＠ ntt.net> wrote:
> 
> > NSP-SEC-JP$B3F0L!"(B
> > 
> > $B$A$g$C$H!"(BNSP-SEC$B$rDI$$$-$l$F5o$^$;$s$G$7$?!D(B
> > 
> > $B0J2<$N%[%9%H$,(BVirus/Worm$B$K46 ＠ w$7$F$$$k$H;W$o$l$^$9!#(B
> > 
> > 10021   | 210.233.197.212  | KVH KVH Co.,Ltd
> > 
> > 
> > $BBg5,LO$J(BDDoS$B%"%?%C%/$,H/@8$7$F$*$j!"(Bblackholing$B$7$F$$$k$=$&$G$9!#(B
> > Filter$B$r$9$kI,MW$O$J$$$H8@$C$F$$$^$9$,!"46 ＠ w$7$F$$$k$H;W$o$l$^$9!#(B
> > 
> > $B%"%?%C%+!<$O!"(Bport80$BHV$K(BTCP-3 way$B%O%s%I%7%'%$%/$r9T$C$F%"%/%;%9$K(B
> > $B$-$^$9!#$=$7$F!"@5$7$$(B HTTP2 request$B%Q%1%C%H$rAw$j%U%!%$%k$r%@%&%s(B
> > $B%m!<%I$7$h$&$H$9$k$h$&$G$9!#$=$l$K$h$j!"?t(BGbps$B$N%H%i%U%#%C%/$,H/@8(B
> > $B$9$k62$m$7$$(Bbotnet$B$@$H$$$&$3$H$G$9!#(B
> > 
> > $B3NG'$r8f4j$$$7$^$9!#(B
> > 
> > 
> > Forwarded by Taka Mizuguchi <taka ＠ ntt.net>
> > ----------- nsp-security Confidential --------
> > 
> > Hello all,
> > 
> > As usual when we get large DoS attacks, we are able to filter/absorb  
> > internally just fine, so please do not filter this attack on your  
> > networks, we don't want to be partially blackholed.
> > 
> > This list is provided so you can look on your networks to find hosts  
> > infected with drones.
> > 
> > These attackers were completing full TCP 3-way handshakes to port 80,  
> > and sending valid HTTP requests to download files, using up thousands  
> > of sockets and about several Gbps of bandwidth, so a fairly scary  
> > botnet.
> > 
> > Hopefully someone with one of these drones on their network can look  
> > for the control node...
> > 
> > Cheers and Happy Thanksgiving,
> > 
> > 
> > The full list of attackers is:
> > AS      | IP               | AS Name
> > 10021   | 210.233.197.212  | KVH KVH Co.,Ltd
> > 
> > 
> > 
> > -----
> > Taka Mizuguchi
> > taka ＠ ntt.net
> > 
> 
> 
> ****************************************************************
> "PLEASE NOTE:  This email,  and  any  attachments  hereto,  are
> intended only  for use  by the specified addressee(s)  and  may
> contain legally privileged and/or confidential and/or proprietary
> information of KVH Co., Ltd.  and/or its affiliates  (including
> personal information).  If you are not the intended recipient of
> this email, please immediately notify the sender by email,  and
> please permanently  delete the original,  any print out and any
> copies of the foregoing. "
> ****************************************************************

-----
Taka Mizuguchi
taka ＠ ntt.net