[nsp-sec] 6Gbps (peak) attack ongoing

Gabriel Iovino giovino at ren-isac.net
Fri Jun 20 08:34:58 EDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Neil Long wrote:
| ----------- nsp-security Confidential --------
|
| Hi
|
| We just received information regarding a hefty attack (tcp and udp
| port 80) where the c&c are
|
|> 195.228.74.242 port 80
|> 212.214.41.35 port 53
|
| both in DDoS-RS which we have listed as mail.purplelots.com and
| live.jugekid.info in dnsrr
|
| Participating IPs are
|
| https://asn.cymru.com/nsp-sec/upload/1213953493.whois.txt
|
| AS numbers and count for IPs in the above file

ACK:

AS      | IP               | AS Name
81      | 152.42.167.237   | NCREN - MCNC
237     | 35.8.122.188     | MERIT-AS-14 - Merit Network Inc.
557     | 207.166.250.11   | UMAINE-SYS-AS - University of Maine System
600     | 138.28.36.205    | OARNET-AS - OARnet
1249    | 128.119.85.13    | FIVE-COLLEGES-AS - Five Colleges Network
1706    | 128.196.204.174  | UNIV-ARIZ - University of Arizona
2828    | 160.7.233.207    | XO-AS15 - XO Communications
4385    | 129.21.180.234   | RIT-ASN - Rochester Institute of Technology
7212    | 129.59.26.52     | VANDERBILT - Vanderbilt University
7925    | 129.71.112.1     | WVNET - West Virginia Network for
Educational Telecomputing
13371   | 152.3.175.39     | DUKE-INTERCHANGE - Duke University
13407   | 198.49.142.2     | CTC-BGP2 - Computer Telephone Corp
14550   | 140.233.43.50    | MIDDLEBURY-COLLEGE - Middlebury College
16889   | 155.246.76.234   | STEVENS-TECH - Stevens Institute of Technology
32480   | 151.112.15.63    | LLUMC - Loma Linda University Medical Center
33170   | 158.103.0.2      | MORGAN-STATE-UNIVERSITY - Morgan State
University
40246   | 128.123.80.17    | NMSU - New Mexico State University

Thanks

Gabe

- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkhbo+oACgkQwqygxIz+pTtdqwCfR582/jfcGqQXAcYC9WEF9j+E
MqAAnjW+FnKpAmSfUXOy6qNkU+O5ioS7
=sR52
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list