[nsp-sec] anyone see a large udp flood against viaklix ?
Rob Thomas
robt at cymru.com
Tue May 6 13:14:44 EDT 2008
Hi, Don.
The only nibble we saw was a bot reaching out to TCP 80 on
198.203.192.228 on 2008-05-05 06:54:18 UTC:
77.90.4.139 6667/tcp bot ID: irc.priv8net.com
Sorry,
Rob.
Smith, Donald wrote:
> ----------- nsp-security Confidential --------
>
> These are the IP addresses that are victims in this attack.
> 198.203.191.65
> 198.203.191.66
> 198.203.191.101
> 198.203.191.109
> 198.203.191.173
> 198.203.192.228
>
> If anyone saw this and has more information, that would be helpful.
> The attack took place early Saturday AM but it is still on-going at a
> rate of 300k UDP pps.
>
> TIA
>
>
> H8Hz
> Donald.Smith at qwest.com giac
>
>
--
Rob Thomas
Team Cymru
The WHO and WHY team
http://www.team-cymru.org/