[nsp-sec] DDoS Attack
Nicholas Ianelli
ni at cert.org
Mon Sep 8 15:02:16 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> The main IPs in question are (timestamps are 2008.09.09 ~13:00 utc+2):
>> Did you mean 2008.09.08 ?
>> Today is the 8th of Sept;)
Why yes, you read my mind :)
>
> 33652 | 24.9.60.153 | DNEO-OSP7 - Comcast Cable Communications
> 33491 | 98.212.137.142 | DNEO-OSP7 - Comcast Cable Communications
> 33287 | 74.92.83.25 | DNEO-OSP4 - Comcast Cable Communications
> 11427 | 76.187.81.99 | SCRR-11427 - Road Runner HoldCo LLC
> 12271 | 68.175.76.196 | SCRR-12271 - Road Runner HoldCo LLC
> 209 | 97.119.197.219 | ASN-QWEST - Qwest
>> I looked and this ip is just doing web surfing.
>> No attack traffic that I could see.
>> This may imply that the src ips are spoofed.
Ok, thanks for looking!
Nick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAkjFdrgACgkQi10dJIBjZIA2fwCg6jApa1FZ1SLVqQIrLa4dPOyx
YpwAnA/0TncAK0HEnNiCZRimD3QBzr9x
=vBvd
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list