[nsp-sec] spamhaus ddos attack commands
Shelton, Steve
sshelton at Cogentco.com
Wed May 28 10:54:18 EDT 2008
Jose,
The /32 has been sunk on 174 and I'll keep my ears open to see if there
is anything else we can do here.
Steve Shelton
Network Security Engineer
Cogent Communications
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Jose Nazario
Sent: Wednesday, May 28, 2008 10:10 AM
To: nsp-security NSP
Subject: [nsp-sec] spamhaus ddos attack commands
----------- nsp-security Confidential --------
folks
spamhaus is under ddos attack from a black energy botnet. here are some
details:
Start Timestamp 2008-05-28 08:07:40
Latest Timestamp 2008-05-28 09:07:57
C&C IP 200.63.46.62
C&C Hostname vse.ohueli.net
C&C Hostname prosto.pizdos.net
C&C Port 80
C&C ASN 15083
C&C CC AR
Command URL http://vse.ohueli.net/_vse_/stat.php
Command Given 10;2000;5;1;0;30;100;3;10;2000;2000#flood http www.spamhaus.org#10#
Target IP 64.124.52.228
Target Hostname www.spamhaus.org
Target ASN 6461
Target CC US
all times in US Eastern.
i don't know how big this network is or how serious the effects are. i've
notified the spamhaus guys and am now reaching out to you to see if you
can help detect and shut this one down.
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.