[nsp-sec] Multiple DDoS attacks

구자현 k55k559 at lgdacom.net
Wed Jul 8 17:38:38 EDT 2009


These sites are downloader sites following the DDoS attack.




---------------------------------------------------------
 Koo, Jahyun / ITPE 
  CISSP,CISA,CSA,CCIE(Routing&Switching), BS7799 L.A
  BORANet/DACOM  Internet tech & Security team
  E-mail : k55k559 at chollian.net
  phone : 019-393-0009
  f a x : 02-2089-5997
 --------------------------------------------------------





John Fraizer <john at op-sec.us>
Sent by: nsp-security-bounces at puck.nether.net
2009-07-09 06:23 AM

To:             nsp-security at puck.nether.net
Cc: 
Subject:        Re: [nsp-sec] Multiple DDoS attacks


----------- nsp-security Confidential --------

I'm capturing flows on 216.199.83.203.


On Wed, Jul 8, 2009 at 4:03 AM, Dave Mitchell <davem at yahoo-inc.com> wrote:

> ----------- nsp-security Confidential --------
>
>
> Anyone gathering intel on?
>
> Remote Host     Port Number
> 213.33.116.41   53
> 216.199.83.203  80
> 213.23.243.210  443
>
>
> http://www.threatexpert.com/report.aspx?md5=0f394734c65d44915060b36a0b1a972d
>
> The malware in those droppers seems to speak to it and I verified in a
> sandbox.
>
> -dave
>
>


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security 
counter-measures.
_______________________________________________






**********************************************************************************
LGDacom has changed its company e-mail address from ID at dacom.net to 
ID at lgdacom.net by 1 July, 2008.
**********************************************************************************



