[nsp-sec] amazon attack

Smith, Donald Donald.Smith at qwest.com
Fri Jun 6 16:22:02 EDT 2008


Dave, do you have any attack packet details?
What address are they attacking? www.amazon.com, I presume?


Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Dave Burke
> Sent: Friday, June 06, 2008 2:09 PM
> To: NSP nsp-security
> Subject: [nsp-sec] amazon attack

FYI,

Here are the top 10 offenders we have blocked so far on our border

208.86.157.28 was being controlled via script from 194.85.89.245

I've attached the loc.php script being used.

So far, all of the top offenders we're seeing are Linux servers running
Apache/PHP.


dave