[nsp-sec] political ddos? www.president.gov.ge
Jose Nazario
jose at arbor.net
Sun Jul 20 08:58:34 EDT 2008

notified by the fine folks at shadowserver.org:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080720
it's a net we're monitoring too:

FREQ 1800000
DDOS 0 5999940000 www.president.gov.ge / 0 win+love+in+Rusia 80 7
DDOS 3 5999940000 www.president.gov.ge 80 7
DDOS 2 5999940000 www.president.gov.ge 80 7
DDOS 1 5999940000 www.president.gov.ge 7
DDOS 0 5999940000 www.president.gov.ge / 1 win+love+in+Rusia 80 7

does that command structure look familiar? machbot.

Timestamp 2008-07-18 14:04:49
C&C IP 207.10.234.244
C&C Hostname bizus-kokovs.cc
C&C Port 80
C&C ASN 1785
C&C CC US

i don't know anything about these guys:

OrgName: SAID INC
OrgID: SAIDI
Address: 410 East Walnut St
Address: suite 10
City: Perkasie
StateProv: PA
PostalCode: 18944
Country: US
NetRange: 207.10.224.0 - 207.10.239.255
CIDR: 207.10.224.0/20
NetName: SAID-INC
NetHandle: NET-207-10-224-0-1
Parent: NET-207-10-0-0-1
NetType: Reassigned
Comment:
RegDate: 2007-05-30
Updated: 2007-05-30
OrgAbuseHandle: ABUSE1911-ARIN
OrgAbuseName: ABUSE
OrgAbusePhone: +1-215-257-3110
OrgAbuseEmail: abuse at saidcom.com
OrgNOCEmail: support at saidcom.com
OrgTechEmail: support at saidcom.com

attacks ran 2008-07-18 14:04:49 - 2008-07-18 23:10:56 US Eastern.

-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/