[nsp-sec] active ddos botnet
Jose Nazario
jose at arbor.net
Wed Jul 9 09:11:16 EDT 2008
not sure how high profile the target is.
"md5hash","server_inet","server_fqdn","port","server_pass","username","nick","realname","channel"
"f99ef1a99ce03a8d2647a005f1c3385e","147.202.37.21","winudpmgr.mydyn.net","8080","","0","[XP]|NNNNNNN","[XP]|NNNNNNNNN","#ddosbot"
currenttopic #ddosbot !ddos.supersyn 64.56.73.47 7777 999
pretty good sized net.
AS | IP | AS Name
22439 | 64.56.73.47 | VRTSERVERS - Vrtservers, Inc
hostnames are masked so i can't tell from the whois logs who has joined.
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/
More information about the nsp-security
mailing list