[nsp-sec] Potential DDoS - Paging Level3 - QWEST/Savvis/BTN could use some assistance as well
Nicholas Ianelli
ni at centergate.net
Wed Apr 8 15:54:31 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team,
I'd be interested if you are seeing some anomalous* traffic to the
following two IP addresses:
207.207.167.157
207.207.167.158
29748 | 207.207.167.157 | CARPATHIA-HOSTING - Carpathia Hosting, Inc.
Bulk mode; peer-whois.cymru.com [2009-04-08 19:46:54 +0000]
209 | 207.207.167.157 | ASN-QWEST - Qwest Communications
3356 | 207.207.167.157 | LEVEL3 Level 3 Communications
3491 | 207.207.167.157 | BTN-ASN - Beyond The Network America, Inc.
3561 | 207.207.167.157 | SAVVIS - Savvis
Could someone from Level3 please contact me off list. It would be great
if we could take a more detailed look at this to determine if what I'm
seeing is actually occurring. QWEST, Savvis, BTN - would love to see
what you have as well.
*I know, what's that actually mean here, well I'm still not sure, most
likely ICMP with something else potentially in the mix.
Thanks,
Nick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAkndAPcACgkQi10dJIBjZIAk+ACgxXEGhGsJgqROrP0kUsHRC2By
5P0AnipcsRVl3JHCZ+NL5+U9RqK1Ygie
=Ac5T
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list