[nsp-sec] DSL reports under ddos -- C&C info - AS 9121 (TR)

Wed Mar 19 15:54:17 EDT 2008

This is not a matter of trust.
I have been trying to spot validate some of the reports we see.
So far validated a few reports and told this community that I was able
to validate the systems involved.

I think this is helpful and hoped someone else could validate that they
are seeing this attack traffic from the ip addresses identified.

RM=for(1)
{manage_risk(identify_risk(product[i++]) &&
(identify_threat[product[i++]))}
Donald.Smith at qwest.com giac 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> Krista Hickey
> Sent: Wednesday, March 19, 2008 1:44 PM
> To: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] DSL reports under ddos -- C&C info - 
> AS 9121 (TR)
> 
> ----------- nsp-security Confidential --------
> 
> > On Wed, 19 Mar 2008, Smith, Donald wrote:
> 
> > I am wondering how good their data is.
> > Has anyone validated the list of attacking ip addresses?
> 
> I'm not directly involved in this particular incident but have worked
> with DSLreports on many occasions over the past ~7 years and can say
> that generally they're pretty clueful and have never given me false
> positive data to date. I'm sure Jose will comment but if 
> necessary I can
> speak to the DSLR people for validation and additional info.
> 
> Krista
> 7992 
>  
> Do you really need to print this email? Help preserve our 
> environment! Devez-vous vraiment imprimer ce courriel? 
> Pensons a l'environnement!
> __________________________________________________________
>  
> The information in this message, including in all 
> attachments, is confidential or privileged. In the event you 
> have received this message in error and are not the intended 
> recipient, you are hereby advised that any use, copying or 
> reproduction of this document is strictly forbidden. Please 
> notify immediately the sender of this error and destroy this 
> message, including its attachments, as the case may be.
>  
> L'information apparaissant dans ce message electronique et 
> dans les documents qui y sont joints est de nature 
> confidentielle ou privilegiee. Si ce message vous est parvenu 
> par erreur et que vous n'en etes pas le destinataire vise, 
> vous etes par les presentes avise que toute utilisation, 
> copie ou distribution de ce message est strictement 
> interdite. Vous etes donc prie d'en informer immediatement 
> l'expediteur et de detruire ce message, ainsi que les 
> documents qui y sont joints, le cas echeant.
> 
> __________________________________________________________
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security
> community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
> 
> 

This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.