[nsp-sec] DNS DDoS against Softlayer
Tom Daly
tom at dyn-inc.com
Thu May 28 12:05:56 EDT 2009
> I checked your sources against the two most recent attacks we saw:
>
> 1.) list of ~3K UDP
> 2.a) list of ~400 TCP
> 2.b) list of ~900 UDP
>
> Unfortunately I was unable to locate a single similar host between
> the
> two lists.
Nick,
Interesting that nothing overlaps. Can you expand on the nature of the attacks you say? You said UDP/TCP above, but can you provide any detail on the payloads? Perhaps provide the source list as I did?
> Have you tried to reach out to KRCERT? They are a very responsive
> group
> and may be able to assist in shutting down/cleaning up those hosts or
> locating the C2.
No, looking into this now. Can you recommend a trusted contact there?
Regards,
Tom Daly
--
Tom Daly
Dynamic Network Services, Inc.
P: +1-603-296-1537
http://dynamicnetworkservices.com/
More information about the nsp-security
mailing list