[nsp-sec] DDoS Targeting 142.176.133.233 & 142.176.133.235
Chris Calvert
Chris.Calvert at telus.com
Mon Nov 2 15:10:58 EST 2009
I only see a little spike in traffic today to .235, TCP/80. An extremely uninteresting bit of traffic to classicfreight.ca (based on reverse DNS) from ~12:15pm to 1:03pm GMT. 155.80 KB, 415 BPS.
I only look into what's coming from our DSL customers, versus whatever is going through our core.
Chris
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of White, Gerard
> Sent: Monday, November 02, 2009 11:23 AM
> To: NSP-Sec
> Subject: [nsp-sec] DDoS Targeting 142.176.133.233 & 142.176.133.235
>
> ----------- nsp-security Confidential --------
>
> Greetings.
>
>
>
> Would appreciate it if folks could check their flows for participants.
> DDoS ongoing today (Monday, November-02-09)
>
>
>
> While we are filtering away DDoS traffic using an IPv4 TTL filter,
> miscreant is actively countering our efforts by changing
>
> the TTL values in DDoS traffic from their botnet... ugly...
>
>
>
> Thanks in advance.
>
>
>
> GW
>
> 855 - Bell Aliant
>
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list