[nsp-sec] Twitter under attack?

Chris Calvert Chris.Calvert at telus.com
Thu Aug 6 12:10:55 EDT 2009 

I'm not seeing anything anomalous in terms of traffic, but there is definitely something going on that is impacting at least LJ and Twitter.

Raised this elsewhere:
The LJ site references the spam and DDoS, has some content on the Georgian-Abkhazian conflict.

http://translate.google.ca/translate?u=http%3A%2F%2Fcyxymu.livejournal.com%2F&sl=ru&tl=en&hl=en&ie=UTF-8

LJ content suggests they are victims of a joe job and that this may be related to Russia/Georgia/Abkhazia geopolitics.

Chris

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Scott A. McIntyre
> Sent: Thursday, August 06, 2009 9:50 AM
> To: David Freedman
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Twitter under attack?
> 
> ----------- nsp-security Confidential --------
> 
> 
> On Aug 6, 2009, at 16:56 , David Freedman wrote:
> 
> > ----------- nsp-security Confidential --------
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > "Ongoing denial-of-service attack 6 minutes ago
> > We are defending against a denial-of-service attack, and will update
> > status again shortly." - http://status.twitter.com
> >
> > Anybody have contacts there who may need our help?
> 
> At the time this started I noticed a large flood of emails through our
> network which were like:
> 
> ---
> Helo.
> Visit my blog!
> 
> hxxp:// twitter .com/cyxymu
> 
> Thanks for looking my Blog.
> 
> ---
> Regards
> mailto:cyxymu at gmail.com
> ---
> 
> Spaces added by me.  Also seen:
> 
> ---
> hi.
> Important message: Watch for ya!
> 
> hxxp:// cyxymu1. livejournal.com
> 
> Thanks for looking my Blog.
> 
> ---
> Regards
> mailto:cyxymu at gmail.com
> ---
> 
> Maybe a coincidence, maybe not.  I see a lot of 80/tcp syn and 443/tcp
> syn heading there, but I have no idea if that's normal and just due to
> Twits not being able to talk to the mothership or what...
> 
> Scott A. McIntyre
> XS4ALL
> 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________

More information about the nsp-security mailing list