[nsp-sec] Spam attack against mx.online.no
bjorn.jensen at telenor.com
Tue Sep 30 17:43:37 EDT 2008
Hi all,
For the last few days, we've been hit by a "Srizbi Spam Cannon BotNet" on mx.online.no (AS2119).
With help from Gerard, the C&C has been traced to 208.72.168.252 (udp/tcp 4099) in AS26780.
We (Telenor) need some help from you to drop this traffic by blackholing 208.72.168.252/32 in your network. This will help us a lot.
AS | IP | AS Name
26780 | 208.72.168.252 | MCCOLO - McColo Corporation
26780 MCCOLO - McColo Corporation
Adjacency: 2 Upstream: 2 Downstream: 0
Upstream Adjacent AS list
AS6939 HURRICANE - Hurricane Electric, Inc.
AS3549 GBLX Global Crossing Ltd.
We are working on a list of infected hosts, but it takes some time because we have to map and clean up a lot of "user unknown" for the last few days.
Thanks
Bjorn Jensen
Telenor AS2119