[nsp-sec] DDoS Attack
Nicholas Ianelli
ni at cert.org
Mon Sep 8 13:39:27 EDT 2008
Our friend Toni is still experiencing a DDoS attack against the
following two IPs:
217.30.178.1
194.109.206.106
The primary method of this particular attack is a TCP SYN flood towards
port 7000.
The main IPs in question are (timestamps are 2008.09.09 ~13:00 UTC+2):
33652 | 24.9.60.153 | DNEO-OSP7 - Comcast Cable Communications
33491 | 98.212.137.142 | DNEO-OSP7 - Comcast Cable Communications
33287 | 74.92.83.25 | DNEO-OSP4 - Comcast Cable Communications
11427 | 76.187.81.99 | SCRR-11427 - Road Runner HoldCo LLC
12271 | 68.175.76.196 | SCRR-12271 - Road Runner HoldCo LLC
209 | 97.119.197.219 | ASN-QWEST - Qwest
3356 | 65.77.78.25 | LEVEL3 Level 3 Communications
36423 | 70.45.118.68 | SAN-JUAN-CABLE - San Juan Cable, LLC
11992 | 64.213.120.105 | CENTENNIAL-PR - Centennial de Puerto Rico
6621 | 67.143.14.242 | HNS-DIRECPC - Hughes Network Systems
11367 | 204.119.21.208 | ICENET - ICE Networks
14638 | 69.79.90.91 | LCPR-HSD - Liberty Cablevision of Puerto Rico LTD
Any help in cleaning up the infected hosts and locating the C&C would be
very much appreciated.
Thanks!
Nick