[nsp-sec] KR DDoS - Command and Control servers - Yup, they're still out there

White, Gerard Gerard.White at bellaliant.ca
Tue Nov 10 18:46:13 EST 2009


It's just a wild GUESS... But this /32 may have something to do with
this:

AS      | IP               | AS Name
4134    | 219.149.195.152  | CHINANET-BACKBONE No.31,Jin-rong Street


GET /ip.txt HTTP/1.1 Host: hl.uckoe.com
GET /ip.htm HTTP/1.1 Referer: hxxp://xlang.uckoe.com:80/ip.htm


GW
855 - Bell Aliant

-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Nicholas
Ianelli
Sent: November-10-09 5:34 PM
To: 'nsp-security at puck.nether.net'
Subject: [nsp-sec] KR DDoS - Command and Control servers - Yup,they're
still out there



