[nsp-sec] DDoS to 72.167.232.201
Rob Thomas
robt at cymru.com
Thu Jul 9 23:45:10 EDT 2009
Hey, Greg.
> We've been taking it since Tuesday night. Looks to be SYN and ICMP, but it
> could be more than that. Any info would be helpful.
We don't see anything obviously related. An online criminal was sharing
the output of "uname -a" supposedly from 72.167.232.201 on a carding
channel back on 2009-05-26 22:58:23 UTC. These are generally
advertisements of compromised hosts for sale. I'll send you the details
off-list.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
More information about the nsp-security
mailing list