[nsp-sec] DDoS against 213.27.239.85 (paging L3+NTT)

Nicolas FISCHBACH nicolist at securite.org
Thu Jan 31 06:00:14 EST 2008


Hi,

We've a DDoS that started yesterday and is currently impacting
our int'l transit links (L3 and NTT, our TAC/NOC will probably also
contact you to blackhole on your side) and maxing out our mitigation
capabilities.

It's hitting mainly 213.27.239.85 and for some time 213.27.136.168.

Mainly UDP, with top 5 sources (spoofed):

213.92.95.80
77.109.136.146
196.203.251.29
74.200.206.130
140.111.143.133

Does anyone track a C&C that could be involved? The botnet seems
pretty large as it's coming in from all over the place.

Malware welcome too, we've asked the customer to involve LE in Spain.
(please pass this on to nsp-sec-leo if you are on it and some ES LE
too).

Feel free to blackhole the destination if you see a large amount of
traffic leaving your network.

Thanks,
Nico.
-- 
Nicolas FISCHBACH
Senior Manager - Network Engineering/Security - COLT Telecom
e:(nico at securite.org) w:<http://www.securite.org/nico/>


