[nsp-sec] Medium TCP SYN DDOS against 163.6.5.36

Patrick Bergen pbergen at uen.org
Fri Mar 14 18:09:10 EDT 2008


At approx. 21:30 (GMT) a distributed attack began on 163.6.5.36.

Currently (22:05) the attack has trailed off, but invalid flows are still
incoming.

TCP SYN dst port 80

Not sure if they are spoofed at this point.

If you see large SYN flows to this host, you most likely have a bot.

-- 
Patrick Bergen,
Sr. Systems Security Analyst
UEN Security Office
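
One way to run the check the message asks for over your own flow export, as an added example that is not part of the original post. The CSV layout, the sample records, the local prefixes and the 1000-packet threshold are all assumptions made for illustration; only the target address and port come from the message.

```python
import csv
import io
import ipaddress
from collections import defaultdict

TARGET = ipaddress.ip_address("163.6.5.36")  # victim named in the post
TARGET_PORT = 80                             # "TCP SYN dst port 80"
SYN, ACK = 0x02, 0x10

# Constructed sample export; tcp_flags is the OR of all flags seen in the flow.
SAMPLE_FLOWS = """\
src,dst,proto,dport,tcp_flags,packets
192.0.2.10,163.6.5.36,6,80,0x02,4200
192.0.2.10,163.6.5.36,6,80,0x02,3900
192.0.2.77,163.6.5.36,6,80,0x1b,14
198.51.100.5,163.6.5.36,6,80,0x02,3
192.0.2.10,203.0.113.9,6,443,0x1b,25
203.0.113.50,163.6.5.36,6,80,0x02,9000
"""

def suspect_sources(flow_csv, local_nets, min_syn_packets=1000):
    """Return {local source IP: SYN-only packet count} for flows to the target."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if (ipaddress.ip_address(row["dst"]) != TARGET
                or int(row["proto"]) != 6
                or int(row["dport"]) != TARGET_PORT):
            continue
        flags = int(row["tcp_flags"], 16)
        # SYN seen but ACK never seen: the handshake was never completed.
        if not (flags & SYN) or (flags & ACK):
            continue
        src = ipaddress.ip_address(row["src"])
        # Sources outside our own prefixes may be transit or spoofed traffic.
        if not any(src in net for net in nets):
            continue
        totals[src] += int(row["packets"])
    return {str(s): n for s, n in totals.items() if n >= min_syn_packets}

if __name__ == "__main__":
    hits = suspect_sources(SAMPLE_FLOWS, ["192.0.2.0/24", "198.51.100.0/24"])
    for ip, pkts in sorted(hits.items()):
        print(f"{ip}: {pkts} SYN-only packets to {TARGET}:{TARGET_PORT}")
```

A hit is only meaningful for flows collected where source addresses cannot be forged, such as a customer-facing edge with ingress filtering; the message itself notes that spoofing had not been ruled out.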



