[nsp-sec] ACK 174 - RE: 10K attacking Ips
Shelton, Steve
sshelton at Cogentco.com
Fri Feb 8 04:57:16 EST 2008
Thanks and ACK for AS174.
Steve Shelton
Cogent Abuse
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Stephen Gill
Sent: Friday, February 08, 2008 3:17 AM
To: nsp-security NSP
Subject: [nsp-sec] 10K attacking Ips
----------- nsp-security Confidential --------
Hi Team,
The following IPs have been attacking the Virustotal service in a few
different ways, non spoofed, should be presumed compromised:
https://www.cymru.com/nsp-sec/Owned/ddos-20070207.txt
Target: 74.53.201.162:80
Timestamp: CET
* Note: There is IP duplication (sorted), though timestamps should be
unique.
We've spotted a few possible C&Cs related to this, but not a smoking
gun.
Could those of you who have visibility into any of these networks please
check to see if you can find any malware or C&C traffic on the machines?
We're not really interested in mitigation at this point, mostly attribution
and botnet triangulation. Please do NOT null route the target! :)
As always, please do NOT share this list outside of nsp-sec, and keep the
attack information nsp-sec confidential. If you have any questions feel
free to contact us.
Thanks much!
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.