[nsp-sec] amazon attack
Dave Burke
dave at amazon.com
Fri Jun 6 16:29:02 EDT 2008
We're trying to get one now from the frontend LB.
All requests are for: HTTP/1.1 GET
http://www.amazon.com/gp/product/B000JO1IPI/ref=s9alfix_c2_at2-rfc_p-2991_g1?redirect=true&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-2&pf_rd_r=14C7VX4RTA06GC04AX7A&pf_rd_t=101&pf_rd_p=397916001&pf_rd_i=507846
dave
Smith, Donald wrote:
> Dave, do you have any attack packet details?
> What address are they attacking? www.amazon.com, I presume?
>
>
> Security through obscurity WORKS against some worms and ssh attacks:)
> Donald.Smith at qwest.com giac
>
>> -----Original Message-----
>> From: nsp-security-bounces at puck.nether.net
>> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Dave Burke
>> Sent: Friday, June 06, 2008 2:09 PM
>> To: NSP nsp-security
>> Subject: [nsp-sec] amazon attack
>
> FYI,
>
> Here are the top 10 offenders we have blocked so far on our border
>
> 208.86.157.28 was being controlled via script from 194.85.89.245
>
> I've attached the loc.php script being used.
>
> So far, all of the top offenders we're seeing are Linux servers running
> Apache/PHP
>
>
> dave