[nsp-sec] DDoS against 204.69.234.1/204.74.101.1

Chris Morrow morrowc at ops-netman.net
Tue Apr 14 23:19:01 EDT 2009



On Tue, 14 Apr 2009, Mike Lewinski wrote:

> ----------- nsp-security Confidential --------
>
> Rob Thomas wrote:
>
>> Queries running now.  Got a full(er) list of sources?  Likely spoofed or 
>> no?
>
> Pretty sure it's spoofed. I'm definitely seeing backscatter here. It looks 
> like:
>
> 20:26:13.233527 204.74.101.1.53 > 206.168.189.6.37289: 62889*- 1/3/0 A 
> 72.52.5.60 (117) (DF)

Is this the thing that was attacked 2 weeks ago on ultra/register/blah? I 
ask since it's also behind Prolexic now...

-Chris
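
An added example, not part of the original thread: one way to confirm the backscatter reading of the quoted capture is to flag DNS responses that arrive without a matching outbound query. The function names and the two 192.0.2.x sample lines are constructed for illustration; only the third sample line comes from the message above.

```python
import re

# Legacy tcpdump one-line DNS output, as in the capture quoted above:
#   time src.port > dst.port: id[flags] ...
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<id>\d+)(?P<rest>.*)$"
)
# A response prints answer/authority/additional counts such as "1/3/0".
COUNTS = re.compile(r"\b\d+/\d+/\d+\b")

def parse(line):
    """Return the fields of one tcpdump DNS line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["is_response"] = rec["sport"] == "53" and bool(COUNTS.search(rec["rest"]))
    return rec

def find_backscatter(lines):
    """Return responses with no matching query earlier in the capture.

    Assumption: the capture covers the local side of the conversation, so a
    genuine response is preceded by our own query with the same 4-tuple and id.
    Queries sent before the capture started will show up as false positives.
    """
    pending, unsolicited = set(), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        if rec["is_response"]:
            key = (rec["dst"], rec["dport"], rec["src"], rec["id"])
            if key in pending:
                pending.discard(key)      # answered a query we really sent
            else:
                unsolicited.append(rec)   # nobody here asked: likely backscatter
        elif rec["dport"] == "53":
            pending.add((rec["src"], rec["sport"], rec["dst"], rec["id"]))
    return unsolicited

SAMPLE = [
    # constructed: a real query from a local resolver and its answer
    "20:26:12.100000 192.0.2.10.40000 > 204.74.101.1.53: 4242+ A? example.com. (29)",
    "20:26:12.150000 204.74.101.1.53 > 192.0.2.10.40000: 4242*- 1/3/0 A 192.0.2.80 (117)",
    # from the message above (re-joined from the wrapped e-mail line)
    "20:26:13.233527 204.74.101.1.53 > 206.168.189.6.37289: 62889*- 1/3/0 A 72.52.5.60 (117) (DF)",
]

if __name__ == "__main__":
    for r in find_backscatter(SAMPLE):
        print(r["ts"], r["src"], "->", r["dst"], "id", r["id"])
```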


