[nsp-sec] DDoS possibly towards 212.224.127.14
Serge Droz
serge.droz at switch.ch
Mon Apr 14 08:34:15 EDT 2008
Hi Jose,
thanks for the info. I'll try to follow up. At them moment it seems as if this
is a war between two porn sites, trying to get at each other.
Oh, well
Serge
Jose Nazario wrote:
> On Fri, 11 Apr 2008, Serge Droz wrote:
>
>> Any ideas on the botnet involved?
>
> i think danny has some info he'll be able to give you, but i see this
> C&C from against the target from a few days ago.
>
> Timestamp 2008-04-07 23:01:02
> C&C IP 89.149.240.181
> C&C Hostname unknown.vectoral.info
> C&C Port 80
> C&C ASN 28753
> C&C CC UK
> C&C Channel #exp
> Command URL
> Command Given
>
> .syn
>
> Target IP 212.224.127.14
> Target Hostname
> Target ASN 44066
> Target CC DE
>
>
>
> not sure if this is the same C&C as you're seeing at this time, but i
> figured i would help you start in a known place.
>
> -------------------------------------------------------------
> jose nazario, ph.d. <jose at arbor.net>
> security researcher, office of the CTO, arbor networks
> v: (734) 821 1427 http://asert.arbornetworks.com/
--
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch
More information about the nsp-security
mailing list