[nsp-sec] DDoS against 204.69.234.1/204.74.101.1

Rodney Joffe rjoffe at centergate.com
Tue Apr 14 22:12:05 EDT 2009


Hi Guys,

We're having some issues at the moment, like this...

01:58:31.528866 IP 96.229.37.175.50264 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.529003 IP 203.179.88.62.61411 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.529174 IP 118.68.157.93.20580 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.529182 IP 115.103.3.197.15970 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.529239 IP 76.202.116.91.1535 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.529889 IP 68.181.227.97.3180 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.529922 IP 222.254.123.1.35037 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.530031 IP 68.181.227.97.3182 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)

We're filtering, but it would be very helpful if you could look for  
the botnet and C&C, and nail it.

Thanks
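
Added example, not part of the original message: every query in the capture above carries the same DNS query ID (54817) for the same name, although the sources differ. The sketch below parses tcpdump DNS query lines, groups them by (destination, ID, type, name), and reports groups seen from several distinct sources, with a matching pcap filter expression. The sample lines are constructed (documentation-range source addresses; the ID, name and destination are reused from the capture), and the function names and the min_sources threshold are assumptions.

```python
import re
from collections import defaultdict

# tcpdump DNS query line: time, src.port > dst.domain:, query ID (+flags), type?, name, (len)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.domain:\s+(?P<txid>\d+)\S*\s+"
    r"(?P<qtype>\w+)\? (?P<qname>\S+) \(\d+\)\s*$"
)

# Constructed sample: four flood-style queries plus two unrelated lookups.
SAMPLE = """\
01:58:31.528866 IP 192.0.2.10.50264 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.529003 IP 198.51.100.7.61411 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.529174 IP 203.0.113.93.20580 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.529182 IP 192.0.2.10.50270 > 204.69.234.1.domain:  54817+ A? www.yishengbo.com. (35)
01:58:31.529500 IP 198.51.100.20.33211 > 204.69.234.1.domain:  1042+ A? www.example.org. (33)
01:58:31.529700 IP 203.0.113.5.40112 > 204.69.234.1.domain:  60991 MX? example.net. (29)
"""

def parse_queries(text):
    """Yield (src, dst, txid, qtype, qname) for each line that parses as a DNS query."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["src"], m["dst"], int(m["txid"]), m["qtype"], m["qname"].lower()

def shared_id_clusters(text, min_sources=3):
    """Group queries by (dst, txid, qtype, qname); keep groups seen from many sources."""
    sources = defaultdict(set)
    packets = defaultdict(int)
    for src, *key in parse_queries(text):
        key = tuple(key)
        sources[key].add(src)
        packets[key] += 1
    return [
        {"dst": k[0], "txid": k[1], "qtype": k[2], "qname": k[3],
         "sources": sorted(sources[k]), "packets": packets[k]}
        for k in sources if len(sources[k]) >= min_sources
    ]

def capture_filter(cluster):
    """pcap filter for the cluster: udp[8:2] is the first two UDP payload bytes, the DNS ID."""
    return f"dst host {cluster['dst']} and udp dst port 53 and udp[8:2] = {cluster['txid']}"

if __name__ == "__main__":
    for c in shared_id_clusters(SAMPLE):
        print(c["qname"], c["txid"], len(c["sources"]), "sources,", c["packets"], "packets")
        print("  filter:", capture_filter(c))
```

Independent resolvers choose the 16-bit query ID per query, so a filter keyed on one ID also matches roughly 1 in 65536 legitimate queries; the filter is IPv4/UDP only.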



