[nsp-sec] DSL reports under ddos -- C&C info - AS 9121 (TR)
Beasley, Jason
jason.beasley at xo.com
Wed Mar 19 11:07:41 EDT 2008
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Jose Nazario
> Sent: Wednesday, March 19, 2008 9:01 AM
> To: nsp-security NSP
> Subject: Re: [nsp-sec] DSL reports under ddos -- C&C info -
> AS 9121 (TR)
>
> ----------- nsp-security Confidential --------
>
> DSL reports are saying that they're managing to weather the
> attack through
> /32 filtering. over 1100 /32s filtered ...
>
> the attack is an HTTP GET flood, so no spoofing is going on.
> if you're IP
> is on their list (published in google docs) it's worth
> investigating in my
> estimation.
>
> thanks everyone
>
> -------------------------------------------------------------
> jose nazario, ph.d. <jose at arbor.net>
> security researcher, office of the CTO, arbor networks
> v: (734) 821 1427 http://asert.arbornetworks.com/
Since I ran the list through cymru whois for myself, I figured I'd
prevent duplication of effort:
https://asn.cymru.com/nsp-sec/upload/1205938723.whois.txt
More information about the nsp-security
mailing list