[nsp-sec] DNS DDoS against Softlayer
Nicholas Ianelli
ni at centergate.net
Thu May 28 12:45:17 EDT 2009
> Nick, Interesting that nothing overlaps. Can you expand on the nature
> of the attacks you say? You said UDP/TCP above, but can you provide
> any detail on the payloads? Perhaps provide the source list as I did?
Sure, if you store nsp-sec mail or have access to the list archives,
look for these two Subject lines:
[nsp-sec] DNS Flood to Ultra
2009.03.31 10:48 AM
[nsp-sec] UDP based DDoS Attack
2009.05.12 15:35 PM
[nsp-sec] TCP SYN attack
2009.05.12 15:55 PM
Otherwise I can forward you the data and the details.
>> Have you tried to reach out to KRCERT? They are a very responsive
>> group and may be able to assist in shutting down/cleaning up those
>> hosts or locating the C2.
>
> No, looking into this now. Can you recommend a trusted contact there?
My two contacts have left. Let me see what I can find and get back to you.
Nick
- --
Nicholas Ianelli: NeuStar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz