[nsp-sec] Possible AT&T DoS
Tino Steward
tsteward at us.ntt.net
Wed Feb 4 14:46:25 EST 2009
I'll see what I can find. I didn't save any of the logs from yesterday, but I'll see if we have anything.
tino
On Tue, Feb 03, 2009 at 04:33:00PM -0500, CASEY, JOEL J, ATTSI wrote:
> Rob, Tino
>
> Can one of you send an email with logs, IP&time-date stamp data?
> Thanks
>
> Joel Casey
> Security Manager
> AT&T CSO Internet Services Security Center
> joeljcasey at att.com
> Desk:919-319-8115
> Mobile:919-949-5058
>
>
>
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Rob Thomas
> Sent: Tuesday, February 03, 2009 4:24 PM
> To: Tino Steward
> Cc: NSP-Security
> Subject: Re: [nsp-sec] Possible AT&T DoS
>
> ----------- nsp-security Confidential --------
>
> Hey, Tino.
>
> > We are seeing quite a bit of TCP ACK traffic all of a sudden to
> > 63.240.117.170.
>
> We see 63.240.117.170 attempting to connect to a known C&C on
> 196.205.243.52. The C&C port we see is on TCP 1993, however. The most
> recent connection attempt is 2009-01-15 19:14:48 UTC.
>
> Dunno if that's related, but I thought I'd mention it.
>
> Thanks,
> Rob.
> --
> Rob Thomas
> Team Cymru
> http://www.team-cymru.org/
> cmn_err(CEO_PANIC, "Out of coffee!");
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
--
Tino T. Steward SNA1 - Security & Abuse tsteward at us.ntt.net
NTT Communications Global IP Network Operations Center
214-853-7344 (Ph.) 214.800.7771 (Fax)
AUP online: http://www.nttamerica.com/legal/internet/acceptable_policy.html
AUP online: http://www.ntt.net/library/pdf/AUP.pdf
Check http://www.cert.org for some of the latest documented exploits and your OS manufacturer for the latest security patches.
Intruder detection: http://www.cert.org/tech_tips/intruder_detection_checklist.html
Latest viruses: http://www.cert.org
Recovering from a compromised host: http://www.cert.org/tech_tips/win-UNIX-system_compromise.html