[nsp-sec] DDoS against 64.80.70.4 and 64.80.74.4

John Fraizer john at op-sec.us
Wed Feb 27 16:27:46 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


If anyone has any intel on the C&C involved in this attack, I'd love to see it.

John


John Fraizer wrote:
> ----------- nsp-security Confidential --------
> 
> 
> Please do not blackhole the victim IPs here. Those are our external AUTH DNS servers.  That would be a WAY bad thing to happen.
> 
> 
> John Fraizer
> Senior Internetworking Engineer
> Network Operations Engineering
> NuVox, Inc
> 
> 
> Gong, Yiming wrote:
>> It seems that the sources are all over the place. Do you want us to
>> blackhole these two IPs on our network?
>>
>> Regards,
>>
>> Yiming
> 
> 
>>> -----Original Message-----
>>> From: nsp-security-bounces at puck.nether.net 
>>> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
>>> John Fraizer
>>> Sent: Wednesday, February 27, 2008 2:18 PM
>>> To: nsp-security NSP
>>> Subject: [nsp-sec] DDoS against 64.80.70.4 and 64.80.74.4
>>>
>>> ----------- nsp-security Confidential --------
>>>
>>> If you see flows to TCP 80 of 64.89.70.4 or 64.89.74.4,
>>> you've got Bot.
>>>
>>> I'm actively mitigating over 1000 sources.
>>>
>>> John
>>> AS11456
>>>
>>>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for
> effective Internet security counter-measures.
> _______________________________________________
> 


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iD8DBQFHxdXS+16lRpJszIgRAgbvAJ90yepa/dB3bOgvV7Um3ovQfq2GwACeMbF5
XME8fwYrNhb17HWy4Y9xNI0=
=a7Ge
-----END PGP SIGNATURE-----


