[nsp-sec] Possible AT&T DoS
Rob Thomas
robt at cymru.com
Thu Feb 5 11:48:50 EST 2009
Response sent off-list.
CASEY, JOEL J, ATTSI wrote:
> Rob, Tino
>
> Can one of you send an email with logs, IP&time-date stamp data?
> Thanks
>
> Joel Casey
> Security Manager
> AT&T CSO Internet Services Security Center
> joeljcasey at att.com
> Desk:919-319-8115
> Mobile:919-949-5058
>
>
>
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Rob Thomas
> Sent: Tuesday, February 03, 2009 4:24 PM
> To: Tino Steward
> Cc: NSP-Security
> Subject: Re: [nsp-sec] Possible AT&T DoS
>
> ----------- nsp-security Confidential --------
>
> Hey, Tino.
>
>> We are seeing quite a bit of TCP ACK traffic all of a sudden to
> 63.240.117.170.
>
> We see 63.240.117.170 attempting to connect to a known C&C on
> 196.205.243.52. The C&C port we see is on TCP 1993, however. The most
> recent connection attempt is 2009-01-15 19:14:48 UTC.
>
> Dunno if that's related, but I thought I'd mention it.
>
> Thanks,
> Rob.
> --
> Rob Thomas
> Team Cymru
> http://www.team-cymru.org/
> cmn_err(CEO_PANIC, "Out of coffee!");
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
More information about the nsp-security
mailing list