[nsp-sec] packet love at 81.21.73.240 - 10.7 Gb / 1.2m pps
Steve Colam
steve.colam at gxn.net
Mon Jul 14 09:57:42 EDT 2008
Hi Folks,
We have an attack at 81.21.73.240 which mostly consists
of ICMP, with some tcp 80 and udp 80 just for fun.
The ICMP packet size varies.
The bots seem to be tracking the A record for
www.av-sales.co.uk
It's been going on since Friday and has just peaked
at 10.7Gb/1.2m pps (12:45 GMT0 14/July/2008)
It appears that most src IPs are spoofed.
With some help from Hillar (tx!) we know the C&C
is hosted on life-tablets.cn
So it would be rather splendid if someone can help shut
this down...
Tx,
Steve @ AS5413
--
Steve Colam
Head of Network Operations
GX Networks Mobile: +44 7971 534844
steve.colam at gxn.net Direct: +44 1865 381592
PGP Key ID: 0x1C19D542 http://www.gxn.net/