[nsp-sec] Another DDoS attack against the Swedish Police
Par Osterberg Medina
par.osterberg at sitic.se
Mon Nov 16 06:36:54 EST 2009
Hello,
Here is another attack against the web site of Swedish Police. The
attack was quite similar what we saw before. It is TCP-SYN packets to
port 80 and/or UDP-packets to port 53 targeted at 147.186.254.52. To our
knowledge, the attack is not ongoing.
When I run the two attacks against our analyst engine I found that out
of the 317 IP addresses involved in the second attack, 47 where also
involved in the first attack. So if you have already ACK:ed for your IPs
in the first attack, they might show up again.
The time zone is still Swedish time plus 1 hour and 15 minutes (UTC
+2.15). I'm still looking for an easy way to correct the time drift, so
toss your code snippets at me please...
Regards
--
Pär Österberg Medina
Sitic, GovCERT-SE
https://www.sitic.se/par.osterberg_at_sitic.se.asc
FCFC D74F 5708 D228 32CB B547 A481 1FB9 DC14 8BBF
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 2nd.attack_port53.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20091116/8a32be7a/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 2nd.attack_port80.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20091116/8a32be7a/attachment-0003.txt>
More information about the nsp-security
mailing list