[nsp-sec] DDoS against 64.80.70.4 and 64.80.74.4
John Fraizer
john at op-sec.us
Wed Feb 27 15:38:05 EST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Please do not blackhole the victim IPs here. Those are our external AUTH DNS servers. That would be a WAY bad thing to happen.
John Fraizer
Senior Internetworking Engineer
Network Operations Engineering
NuVox, Inc
Gong, Yiming wrote:
> It seems that the sources are all over the place. Do you want us to
> blackhole these two IPs on our network?
>
> Regards,
>
> Yiming
>
>
>> -----Original Message-----
>> From: nsp-security-bounces at puck.nether.net
>> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
>> John Fraizer
>> Sent: Wednesday, February 27, 2008 2:18 PM
>> To: nsp-security NSP
>> Subject: [nsp-sec] DDoS against 64.80.70.4 and 64.80.74.4
>>
>> ----------- nsp-security Confidential --------
>>
>
> If you see flows to TCP 80 of 64.89.70.4 or 64.89.74.4,
> you've got Bot.
>
> I'm actively mitigating over 1000 sources.
>
> John
> AS11456
>
>>
>>
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
>>
Please do not Forward, CC, or BCC this E-mail outside of the
nsp-security community. Confidentiality is essential for
effective Internet security counter-measures.
_______________________________________________
>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org
iD8DBQFHxcos+16lRpJszIgRAiCbAJ0WY3gW8DW4kPBj+QsDukdP9kKUqgCfbpKV
AnZvK3Nr6GfLiN+fgHqo5Lg=
=ew1d
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list