[nsp-sec] DDoS against 213.27.239.85 (paging L3+NTT)
Nicolas FISCHBACH
nicolist at securite.org
Fri Feb 1 02:53:19 EST 2008
Stephen Gill wrote:
>
> Hey Nico,
Hey,
>> Yes, the customer has the following ranges (and got hit on all 3):
>>
>> 213.27.150.168/29
>> 213.27.239.80/28
>> 213.27.146.180/30
>
> Now they are attacking other IPs, so you can rest easy for a little bit :D.
Looks like, got the same feedback from some upstreams.
> Is it okay to have the botnet taken down?
Our legal department is liaising with Spanish cybercrime people this morning
as this isn't the usual "background noise" type DDoS.
>> Thanks. Can the people with bots on the list try to get a copy of the
>> malware ?
>
> Sure :)
> [...]
>
>>> If you'd like we can set the wayback machine for before 27 JAN 2008
>>> and see if there are any other attacks or discourse.
>> We only saw attacks this week so far, nothing in PFSP for the weeks
>> before.
>
> Here is a list of current/actual attacking IPs connected to the botnet:
>
> [...]
Thanks a lot for this Steve (and Rob) !
Nico.
--
Nicolas FISCHBACH
Senior Manager - Network Engineering/Security - COLT Telecom
e:(nico at securite.org) w:<http://www.securite.org/nico/>