[nsp-sec] Anyone seeing any "packet love/DOS" heading for 64.75.15.144?
Chris Calvert
Chris.Calvert at telus.com
Wed May 6 12:29:30 EDT 2009
Perhaps related to?
http://www.h-i-r.net/2009/05/oprah-queen-of-sheeple-promotes-malware.html
I poked around a bit, but not seeing much of anything in terms of flow from my Internet customers to that IP on any service (caveat: sampled).
Chris
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Barry Greene
> Sent: Tuesday, May 05, 2009 7:30 PM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Anyone seeing any "packet love/DOS"
> heading for 64.75.15.144?
>
> ----------- nsp-security Confidential --------
>
> Hi Team,
>
> Coupons.com is getting hit by a state orient DDOS attack (target
> 64.75.15.144). Some of the sources see thus far are:
>
> 8.18.65.21
> 8.5.245.39
> 129.176.151.25
> 12.36.123.2
> 130.13.10.227
>
> This is interfering with a "free food" campaign (i.e. legit customers
> logging on to get a coupon for free food).
>
> Any info would be helpful,
>
> Thanks,
>
> Barry Raveendran Greene
> Director, Juniper Security Incident Response Team (SIRT)
>
> Tel (Office): +1 408 936-6887
> Tel (Cell): +1 408 218-4669
> E-mail: bgreene at juniper.net
> !
> Chat Locations:
> AIM: Barry R Greene
> MSN: BarryRGreene
> Yahoo: BarryRGreene
> Skype: barrygreene
> Jabber: barryrgreene at jabber.tisf.net
> MSN: BarryRGreene at hotmail.com
>
> PGP: 0x16BF45F3
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
More information about the nsp-security
mailing list