[nsp-sec] ACK: Re: 10K attacking Ips
Steven Matkoski
matkoski at nysernet.org
Fri Feb 8 09:01:31 EST 2008
ACK AS 3685
At 03:17 AM 2/8/2008, Stephen Gill wrote:
>----------- nsp-security Confidential --------
>
>Hi Team,
>
>The following Ips have been attacking the Virustotal service in a few
>different ways, non spoofed, should be presumed compromised:
>
>https://www.cymru.com/nsp-sec/Owned/ddos-20070207.txt
>
>Target: 74.53.201.162:80
>Timestamp: CET
>* Note: There is IP duplication (sorted), though timestamps should be
>unique.
>
>We've spotted a few possible C&Cs related to this, but not a smoking gun.
>Could those of you who have visibility into any of these networks please
>check to see if you can find any malware or C&C traffic on the machines?
>We're not really interested in mitigation at this point, mostly attribution
>and botnet triangulation. Please do NOT null route the target! :)
>
>As always, please do NOT share this list outside of nsp-sec, and keep the
>attack information nsp-sec confidential. If you have any questions feel
>free to contact us.
>
>Thanks much!
>
>--
>Stephen Gill, Chief Scientist, Team Cymru
>http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
>
>
>
>
>_______________________________________________
>nsp-security mailing list
>nsp-security at puck.nether.net
>https://puck.nether.net/mailman/listinfo/nsp-security
>
>Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>community. Confidentiality is essential for effective Internet
>security counter-measures.
>_______________________________________________
More information about the nsp-security
mailing list