[nsp-sec] ACK 3561 DDoS in progress
Buchanan, Mark
Mark.Buchanan at savvis.net
Mon Oct 12 17:22:37 EDT 2009
ACK AS3561
-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Stephen Gill
Sent: Monday, October 12, 2009 3:09 PM
To: Matthew.Swaar at us-cert.gov; nsp-security at puck.nether.net
Subject: Re: [nsp-sec] DDoS in progress
----------- nsp-security Confidential --------
Unspoofed list, sorted by ASN. Timestamp from last seen column.
On 10/11/09 9:11 PM, "Matthew.Swaar at us-cert.gov" <Matthew.Swaar at us-cert.gov>
wrote:
> ----------- nsp-security Confidential --------
>
>
> The Department of Justice got some packet love last week from 5 - 8
> October. It appears to have resumed as of ~0217GMT 12 October. The
> target is (still) 'www.deadiversion.usdoj.gov' on IP 149.101.26.30 and
> the attack is ongoing as of this writing.
>
> Attack vectors are 80-TCP, 80-UDP, and ICMP echo requests at the least.
>
> Attached are two files with IPs believed to be participating in the
> attack. Each source IP in the list transmitted at least 5k packets
> during a 40 minute window of ~ 0300-0340 over TCP-80. The IPs that met
> the previous criteria and also appeared to complete a 3-way handshake
> are in 'unspoofed_attackers_80tcp_12oct.txt'. IPs that may or may not
> have completed a 3-way handshake are in the 'attackers_80tcp_12oct.txt'
> file. (There is obviously overlap)
>
> Unfortunately, I cannot currently bulk resolve the IPs themselves, my
> apologies.
>
> Any mitigation/squashing that can be provided (short of blackholing the
> dest) would be appreciated.
>
>
>
> Very Respectfully,
>
> US-CERT Ops Center
> 703-235-5111
> POC: Matt Swaar - Analyst
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 630 230 5423 | gillsr at cymru.com
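Added example, not part of the original thread or any poster's tooling: one way to reproduce the two-list split described in the US-CERT report (sources with at least 5k TCP/80 packets in the 40 minute window, and the subset that completed a 3-way handshake). The report does not say how handshake completion was determined; the check used here (the client's ACK echoes the server's ISN+1, which a spoofed sender cannot see) is an assumption, as are the packet record fields and all addresses, which are constructed documentation values.

```python
from collections import Counter
from datetime import datetime, timedelta

TARGET = "203.0.113.10"   # constructed documentation address (assumption)
START = datetime(2009, 10, 12, 3, 0)
END = START + timedelta(minutes=40)
MIN_PACKETS = 5000        # per-source threshold stated in the report

def classify(packets, min_packets=MIN_PACKETS):
    """Return (heavy_sources, unspoofed_sources) for TCP/80 traffic to TARGET."""
    counts, server_isn, handshaked = Counter(), {}, set()
    for p in sorted(packets, key=lambda p: p["ts"]):
        if not START <= p["ts"] < END:
            continue
        if p["src"] == TARGET and p["sport"] == 80 and p["flags"] == "SA":
            # Remember the ISN we sent to this client socket.
            server_isn[(p["dst"], p["dport"])] = p["seq"]
            continue
        if p["dst"] != TARGET or p["dport"] != 80:
            continue
        counts[p["src"]] += 1
        isn = server_isn.get((p["src"], p["sport"]))
        # A spoofed sender never receives the SYN-ACK, so it cannot echo ISN+1.
        if (isn is not None and p["flags"] == "A"
                and p["ack"] == (isn + 1) % 2**32):
            handshaked.add(p["src"])
    heavy = {s for s, n in counts.items() if n >= min_packets}
    return sorted(heavy), sorted(heavy & handshaked)

def sample_packets():
    """Constructed capture: a real client, a SYN flooder, and a light client."""
    pkts, clock = [], [START]
    def add(src, dst, sport, dport, flags, seq=0, ack=0):
        clock[0] += timedelta(milliseconds=10)
        pkts.append(dict(ts=clock[0], src=src, dst=dst, sport=sport,
                         dport=dport, flags=flags, seq=seq, ack=ack))
    def handshake(client, port, isn):
        add(client, TARGET, port, 80, "S", seq=100)
        add(TARGET, client, 80, port, "SA", seq=isn, ack=101)
        add(client, TARGET, port, 80, "A", seq=101, ack=isn + 1)
    handshake("198.51.100.7", 40000, 9000)          # heavy, handshake completes
    for _ in range(5000):
        add("198.51.100.7", TARGET, 40000, 80, "PA", seq=101, ack=9001)
    add("192.0.2.66", TARGET, 1024, 80, "S")        # heavy, never sees SYN-ACK
    add(TARGET, "192.0.2.66", 80, 1024, "SA", seq=7000, ack=1)
    add("192.0.2.66", TARGET, 1024, 80, "A", ack=12345)   # blind ACK, wrong number
    for i in range(5000):
        add("192.0.2.66", TARGET, 2000 + i % 1000, 80, "S")
    handshake("198.51.100.99", 41000, 5000)         # handshake, but only 2 packets
    return pkts

if __name__ == "__main__":
    heavy, unspoofed = classify(sample_packets())
    print("attackers_80tcp:", heavy)
    print("unspoofed_attackers_80tcp:", unspoofed)
```

Only the handshake-verified list is a sound basis for source-side cleanup requests, since addresses in the broader list may belong to hosts that never sent a packet.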