[nsp-sec] DDoS against 204.69.234.1/204.74.101.1
Nicholas Ianelli
ni at centergate.net
Tue Apr 14 23:38:05 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>> Queries running now. Got a full(er) list of sources? Likely spoofed
>>> or no?
>>
>> Pretty sure it's spoofed. I'm definitely seeing backscatter here. It
>> looks like:
>>
>> 20:26:13.233527 204.74.101.1.53 > 206.168.189.6.37289: 62889*- 1/3/0 A
>> 72.52.5.60 (117) (DF)
>
> is this the thing that was attacked 2 weeks ago on ultra/register/blah?
> I ask since it's also behind prolexic now...
Nope, it is a different domain.
nick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAknlVp0ACgkQi10dJIBjZIBgRQCeO3yW5LeoDebOmqZGsT8y//I8
4XAAoOswmdA2aI7eCMhs28XrJYUhnYX+
=Tt9z
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list