[nsp-sec] Twitter under attack?
Chris Morrow
morrowc at ops-netman.net
Thu Aug 6 13:20:13 EDT 2009
On Thu, 6 Aug 2009, Shelton, Steve wrote:
> ----------- nsp-security Confidential --------
>
> Guy's
>
> Some of the spammed urls including Facebook and Youtube that were seen
> here were which suggest the list of victims may be larger than just a
> few sites.
is it pretty clear at this time that this is related to the
georgian/russian events? Should we be reporting that sort of 'cause' up
some?
-chris
>
> Depicted as mail source | spammed URL:
>
> 83.9.162.247 | www1.abkhaziya.net
> 201.50.29.50 | facebook.com/cyxymu
> 79.178.199.67 | cyxymu1.livejournal.com
> 189.31.187.42 | youtube.com/Cyxymu
>
> Steve Shelton
> Network Security Engineer
> Cogent Communications
>
>
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Scott A.
> McIntyre
> Sent: Thursday, August 06, 2009 9:50 AM
> To: David Freedman
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Twitter under attack?
>
> ----------- nsp-security Confidential --------
>
>
> On Aug 6, 2009, at 16:56 , David Freedman wrote:
>
>> ----------- nsp-security Confidential --------
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> "Ongoing denial-of-service attack 6 minutes ago
>> We are defending against a denial-of-service attack, and will update
>> status again shortly." - http://status.twitter.com
>>
>> Anybody have contacts there who may need our help?
>
> At the time this started I noticed a large flood of emails through our
> network which were like:
>
> ---
> Helo.
> Visit my blog!
>
> hxxp:// twitter .com/cyxymu
>
> Thanks for looking my Blog.
>
> ---
> Regards
> mailto:cyxymu at gmail.com
> ---
>
> Spaces added by me. Also seen:
>
> ---
> hi.
> Important message: Watch for ya!
>
> hxxp:// cyxymu1. livejournal.com
>
> Thanks for looking my Blog.
>
> ---
> Regards
> mailto:cyxymu at gmail.com
> ---
>
> Maybe a coincidence, maybe not. I see a lot of 80/tcp syn and 443/tcp
> syn heading there, but I have no idea if that's normal and just due to
> Twits not being able to talk to the mothership or what...
>
> Scott A. McIntyre
> XS4ALL
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
More information about the nsp-security
mailing list