[nsp-sec] DNS DDoS against Softlayer
Nicholas Ianelli
ni at centergate.net
Thu May 28 11:48:43 EDT 2009
> Teams, The sources from the packeting we took last week are attached
> - anyone know of bots or C&Cs related?
>
> Can folks from Rackspace, SoftLayer, or other please post sources for
> correlation?
I checked your sources against the two most recent attacks we saw:
1.) list of ~3K UDP
2.a) list of ~400 TCP
2.b) list of ~900 UDP
Unfortunately I was unable to locate a single similar host between the
two lists.
Have you tried to reach out to KRCERT? They are a very responsive group
and may be able to assist in shutting down/cleaning up those hosts or
locating the C2.
Nick
- --
Nicholas Ianelli: NeuStar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz