[nsp-sec] DDoS to the Presidential web site of Uruguay
Nicholas Ianelli
ni at cert.org
Fri Feb 6 15:00:39 EST 2009
From the reporter:
"Right now we are filtering all the traffic to the site from the outside
on the Uruguay Internet Border routers to re-up the system internally."
Nick
Smith, Donald wrote:
> Nic, I used flows from today starting with 12:00 GMT.
> If I did my math correctly and they spotted this at 12:08 GMT-2 I think I have to go back and use the 2200-2359 flows from yesterday. Is that correct??
>
> I also did a bi-directional netflow report for 200.40.175.8 from today and saw nothing towards or from that ip.
>
> So I tried traceroute and connections to port 80 on that ip:)
>
>> traceroute 200.40.175.8
> traceroute to 200.40.175.8 (200.40.175.8), 64 hops max, 40 byte packets
> 1 min-core-02.inet.qwest.net (205.171.128.194) 0.371 ms 0.275 ms 0.352 ms
> 2 cer-core-02.inet.qwest.net (67.14.8.14) 10.109 ms 10.334 ms 11.461 ms
> 3 chp-brdr-01.inet.qwest.net (205.171.139.150) 10.334 ms 10.193 ms 10.225 ms
> 4 chi1-qwest-2.chi.seabone.net (195.22.222.157) 10.364 ms 11.201 ms 10.296 ms
> 5 * * *
> 6 * * *
> 7 * *^C
>
>
>> telnet 200.40.175.8 80
> Trying 200.40.175.8...
> telnet: connect to address 200.40.175.8: Operation timed out
> telnet: Unable to connect to remote host
>
>
> It looks down to me. Traceroute died and I couldn't connect to port 80 with telnet as it timed out.
>
>
> (coffee != sleep) & (!coffee == sleep)
> Donald.Smith at qwest.com gcia
>
>> -----Original Message-----
>> From: Nicholas Ianelli [mailto:ni at cert.org]
>> Sent: Friday, February 06, 2009 12:33 PM
>> To: Smith, Donald
>> Cc: 'nsp-security NSP'
>> Subject: Re: [nsp-sec] DDoS to the Presidential web site of Uruguay
>>
> Don,
>
> Does this help:
>
> The timezone is GMT-2 (now is 16:48)
>
> 2009-02-06 12:08:40 71.210.189.217 - 200.40.175.8 80 GET /Default.htm - 500 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727)