[nsp-sec] DFN-CERT#12384 - DoS vs. 66.252.8.19 & 66.252.21.77
Klaus Moeller
moeller at dfn-cert.de
Fri Oct 31 07:37:49 EDT 2008
Hi,
We had a report of DoS attack from a German site yesterday against the two
servers below (timezone is UTC+1:00):
> 30.10.08 4:10- 4:23 vs. 66.252.8.19
> 30.10.08 13:23-13:47 vs. 66.252.8.19
> 30.10.08 20:45-20:56 vs. 66.252.21.77
Unfortunately, the site wasn't able to track down the source of the attack,
as the source addresses were spoofed.
Has anybody seen the attack or knows the C&C, that would help the site in
tracking down the infected system in their network.
Best regards,
Klaus Möller, DFN-CERT
--
Dipl. Inform. Klaus Moeller (Incident Response Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrase 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatische Warnmeldungen https://www.cert.dfn.de/autowarn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 486 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20081031/d59e7a12/attachment-0001.sig>
More information about the nsp-security
mailing list