[nsp-sec] Possible AT&T DoS
CASEY, JOEL J, ATTSI
joeljcasey at att.com
Tue Feb 3 16:33:00 EST 2009
Rob, Tino
Can one of you send an email with logs, IP&time-date stamp data?
Thanks
Joel Casey
Security Manager
AT&T CSO Internet Services Security Center
joeljcasey at att.com
Desk:919-319-8115
Mobile:919-949-5058
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Rob Thomas
Sent: Tuesday, February 03, 2009 4:24 PM
To: Tino Steward
Cc: NSP-Security
Subject: Re: [nsp-sec] Possible AT&T DoS
----------- nsp-security Confidential --------
Hey, Tino.
> We are seeing quite a bit of TCP ACK traffic all of a sudden to
63.240.117.170.
We see 63.240.117.170 attempting to connect to a known C&C on
196.205.243.52. The C&C port we see is on TCP 1993, however. The most
recent connection attempt is 2009-01-15 19:14:48 UTC.
Dunno if that's related, but I thought I'd mention it.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the
nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
_______________________________________________
More information about the nsp-security
mailing list