[nsp-sec] spamhaus ddos attack commands
Jose Nazario
jose at arbor.net
Wed May 28 10:10:12 EDT 2008
folks

spamhaus is under ddos attack from a black energy botnet. here are some
details:

Start Timestamp:   2008-05-28 08:07:40
Latest Timestamp:  2008-05-28 09:07:57
C&C IP:            200.63.46.62
C&C Hostname:      vse.ohueli.net
C&C Hostname:      prosto.pizdos.net
C&C Port:          80
C&C ASN:           15083
C&C CC:            AR
Command URL:       http://vse.ohueli.net/_vse_/stat.php
Command Given:     10;2000;5;1;0;30;100;3;10;2000;2000#flood http www.spamhaus.org#10#
Target IP:         64.124.52.228
Target Hostname:   www.spamhaus.org
Target ASN:        6461
Target CC:         US

all times in US Eastern.
i don't know how big this network is or how serious the effects are. i've
notified the spamhaus guys and am now reaching out to you to see if you
can help detect and shut this one down.
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/