[nsp-sec] anyone see a large udp flood against viaklix ?
Smith, Donald
Donald.Smith at qwest.com
Tue May 6 13:23:47 EDT 2008
When you say "reaching out" I assume you mean this bot downloaded
something from 198.203.192.228. Not a DDOS, a single HTTP request. Am I
interpreting this correctly?
RM=for(1)
{manage_risk(identify_risk(product[i++]) &&
(identify_threat[product[i++]))}
Donald.Smith at qwest.com giac
> -----Original Message-----
> From: Rob Thomas [mailto:robt at cymru.com]
> Sent: Tuesday, May 06, 2008 11:15 AM
> To: Smith, Donald
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] anyone see a large udp flood against viaklix ?
>
> Hi, Don.
>
> The only nibble we saw was a bot reaching out to TCP 80 on
> 198.203.192.228 on 2008-05-05 06:54:18 UTC:
>
> 77.90.4.139 6667/tcp bot ID: irc.priv8net.com
>
> Sorry,
> Rob.
>
>
> Smith, Donald wrote:
> > ----------- nsp-security Confidential --------
> >
> > These are the ip addresses that are victims in this attack.
> > 198.203.191.65
> > 198.203.191.66
> > 198.203.191.101
> > 198.203.191.109
> > 198.203.191.173
> > 198.203.192.228
> >
> > If anyone saw this and has more information that would be helpful.
> > The attack took place early Saturday AM but it is still on-going at a
> > rate of 300k UDP pps.
> >
> > TIA
> >
> >
> > H8Hz
> > Donald.Smith at qwest.com giac
>
> --
> Rob Thomas
> Team Cymru
> The WHO and WHY team
> http://www.team-cymru.org/
>
>