[nsp-sec] DSL reports under ddos -- C&C info - AS 9121 (TR)
Smith, Donald
Donald.Smith at qwest.com
Wed Mar 19 15:37:38 EDT 2008
I am wondering how good their data is.
Has anyone validated the list of attacking ip addresses?
Jose, I assume you were able to see it since you have report times
etc... from arbor.
RM=for(1)
{manage_risk(identify_risk(product[i++]) &&
(identify_threat[product[i++]))}
Donald.Smith at qwest.com giac
> -----Original Message-----
> From: Jose Nazario [mailto:jose at arbor.net]
> Sent: Wednesday, March 19, 2008 1:20 PM
> To: Smith, Donald
> Cc: nsp-security NSP
> Subject: RE: [nsp-sec] DSL reports under ddos -- C&C info -
> AS 9121 (TR)
>
> On Wed, 19 Mar 2008, Smith, Donald wrote:
>
> > I see no flows towards the bot cc ip address identified.
> Which I could
> > almost believe if the bot cc was fairly quite.
>
> lucky you, the cmd is still posted:
>
> last seen 2008-03-19 15:03:56 US Eastern
>
> looks like a botnet in the low thousands for numbers.
>
> -------------------------------------------------------------
> jose nazario, ph.d. <jose at arbor.net>
> security researcher, office of the CTO, arbor networks
> v: (734) 821 1427 http://asert.arbornetworks.com/
>
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the nsp-security
mailing list