[nsp-sec] UDP attack against 62.50.74.122 (AS15650)
White, Gerard
Gerard.White at aliant.ca
Tue Mar 11 16:56:46 EDT 2008
Greetings.
It's my best guess right now that the following C&C may be related:
217.79.190.56 tcp/113
Channel: #whatever3
Key: :bleh
GW
855 - Aliant
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Mike Hellers
Sent: Tuesday, March 11, 2008 2:28 PM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] UDP attack against 62.50.74.122 (AS15650)
----------- nsp-security Confidential --------
All,
AS15650 saw a rather high bandwidth (around 2Gbps) DDOS attack against
one of their customers today (target 62.50.74.122 - AS15650).
The flows were all UDP, so some of the source addresses might be
spoofed, but looking at some of the source IPs we could identify, I
suspect a lot of them to be real compromised boxes.
I would appreciate any insight somebody might have to link this attack
to any known C&C.
Attached are some of the flows as we (AS8928) have seen them.