[nsp-sec] Our external SMTP server is being hammered - ACK 855 + Info

Nicholas Ianelli ni at centergate.net
Mon Jul 13 17:43:33 EDT 2009


My sincerest apologies for the delay. Does anyone have the malware that
leverages advantastar.us as the C2?

Cheers,
Nick

White, Gerard wrote:
> ----------- nsp-security Confidential --------
> 
> Greetings.
> 
> First off, ACK 855
> 
> Second, it appears you've been heavily targeted by a Spam Cannon run whose HTTP-based C&C is here:
> 
> AS      | IP               | AS Name
> 32475   | 99.198.110.114   | SINGLEHOP-INC - SingleHop
> 
> POST /main.php HTTP/1.1
> Host: advantastar.us
> 
> 
> Hope that helps...
> 
> GW
> 855 - Bell Aliant
> 
> 
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Joel Rosenblatt
> Sent: Wednesday, July 08, 2009 4:29 PM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Our external SMTP server is being hammered
> 
> ----------- nsp-security Confidential --------
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________


--
Nicholas Ianelli: NeuStar, Inc.
Security Operations

46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz
