[nsp-sec] DoS Earlier Today
Rob Thomas
robt at cymru.com
Tue Sep 29 18:18:45 EDT 2009
Hey, Matt.
Sorry to hear about the DDoS attack.
> Host 130.14.29.110 was the recipient. The traffic was from a single
> source IP (218.58.75.201, China Unicom AS4837 I think) and didn't appear
> to be spoofed. Traffic was TCP-80 and a 3-way handshake appeared to be
> completed.
It appears that 218.58.75.201 is a Unix box, probably Linux but possibly
FreeBSD. It's also showing up as a Conficker node, so I'm going to
guess it's a proxy/NAT gateway/firewall device.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
https://www.team-cymru.org/
ASSERT(coffee != empty);