[nsp-sec] DDoS possibly towards 212.224.127.14
Jose Nazario
jose at arbor.net
Fri Apr 11 12:20:34 EDT 2008
On Fri, 11 Apr 2008, Serge Droz wrote:
> Any ideas on the botnet involved?
i think danny has some info he'll be able to give you, but i see this C&C
from against the target from a few days ago.
Timestamp 2008-04-07 23:01:02
C&C IP 89.149.240.181
C&C Hostname unknown.vectoral.info
C&C Port 80
C&C ASN 28753
C&C CC UK
C&C Channel #exp
Command URL
Command Given
.syn
Target IP 212.224.127.14
Target Hostname
Target ASN 44066
Target CC DE
not sure if this is the same C&C as you're seeing at this time, but i
figured i would help you start in a known place.
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/
More information about the nsp-security
mailing list