[nsp-sec] 8 Gbps DDoS against AS 3307 IRC server yesterday
Scott A. McIntyre
scott at xs4all.net
Tue Aug 4 07:20:39 EDT 2009
Howdy,

On Aug 4, 2009, at 11:02 , Dirk Stander wrote:
> ----------- nsp-security Confidential --------
>
> .: sthaug at nethelp.no (Tue, Aug 04, 2009 at 10:52:41AM +0200)
>> Schlund/1&1 1.96 Gbps AS8560 87.106.0.0/16
>
> Hi,
>
> we are aware of this botnet (it's a smallish one which consists
> of UNIX servers cracked by the last phpmyadmin RFI).
>
> C&C is 79.99.130.125 6667 -- we are in contact with govCERT.NL

That IP doesn't belong to the Dutch Government, so their CERT team
*HOPEFULLY* has no actual control over it -- quite worrying if so! ;-)

I've been in touch with them as an ISP and they're currently doing
forensics, grabbing netstat, lsof, logs, etc...if anything useful
comes out of it and can be shared, I'll push it out to the community
ASAP!

Cheers,

Scott A. McIntyre
XS4ALL Internet B.V.