[nsp-sec] ddos - target www.auscert.org.au
Zane Jarvis
zane at auscert.org.au
Fri Aug 20 04:03:07 EDT 2010
Hi all,
We are being DDoSed. :( It is an HTTP-based attack against our website. To
mitigate, we've set the site to only accept HTTPS. The site is back up but the
attack continues.
It started about "20/Aug/2010:16:51:47 +1000"; the logs I've used to get the
result are from 16:51:47 to 17:00:00.
The rules I've used to obtain the results are:
Only a "GET / HTTP/1.1" has been performed, no other requests.
A minimum of 10 requests
The extra bits in the Team Cymru whois output are
[Number of hits] [timestamp of first request] [User Agent]
Example:
180 [20/Aug/2010:16:52:48 1000] Opera/9.02 (Windows NT 5.1 U ru)
Any assistance in finding the malware, C&C or stopping it would be
appreciated.
I'll be available on my mobile +61410289906 if you have details or questions.
Regards,
Zane.
--
Zane Jarvis
Senior Information Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's Leading CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: details.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20100820/e6430ad0/attachment-0001.txt>
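The filter described in the message above (only "GET / HTTP/1.1" requests, a minimum of 10, within the stated log window) can be written out as follows. This is an added example, not part of the original post or its attachment. It assumes Apache combined log format, and the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: Apache "combined" log format; the post does not name the format.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                     r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
TARGET = "GET / HTTP/1.1"

def suspects(lines, start, end, min_hits=10):
    """Return (ip, hits, first_timestamp, user_agent) rows, busiest first."""
    lo, hi = datetime.strptime(start, TS_FMT), datetime.strptime(end, TS_FMT)
    seen = defaultdict(lambda: {"hits": 0, "first": None, "other": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # unparseable line: ignore
        ts = datetime.strptime(m["ts"], TS_FMT)
        if not lo <= ts <= hi:
            continue                      # outside the analysis window
        rec = seen[m["ip"]]
        if m["req"] != TARGET:
            rec["other"] = True           # any other request disqualifies the IP
        else:
            rec["hits"] += 1
            if rec["first"] is None or ts < rec["first"][0]:
                rec["first"] = (ts, m["ts"], m["ua"])
    rows = [(ip, r["hits"], r["first"][1], r["first"][2])
            for ip, r in seen.items() if not r["other"] and r["hits"] >= min_hits]
    return sorted(rows, key=lambda row: -row[1])

def sample_lines():
    """Constructed log lines using documentation IP ranges (not data from the post)."""
    fmt = '{} - - [20/Aug/2010:{} +1000] "{}" 200 512 "-" "{}"'
    ua = "Opera/9.02 (Windows NT 5.1 U ru)"
    out = [fmt.format("192.0.2.10", f"16:52:{s:02d}", TARGET, ua) for s in range(48, 60)]
    out.append(fmt.format("192.0.2.10", "17:05:00", TARGET, ua))       # after window
    out += [fmt.format("198.51.100.7", f"16:53:{s:02d}", TARGET, "Mozilla/5.0") for s in range(11)]
    out.append(fmt.format("198.51.100.7", "16:53:30", "GET /style.css HTTP/1.1", "Mozilla/5.0"))
    out += [fmt.format("203.0.113.5", f"16:54:{s:02d}", TARGET, ua) for s in range(3)]
    return out

if __name__ == "__main__":
    for ip, hits, first, ua in suspects(sample_lines(), "20/Aug/2010:16:51:47 +1000",
                                        "20/Aug/2010:17:00:00 +1000"):
        print(f"{ip} | {hits} [{first}] {ua}")
```

In the constructed sample, only the first address is reported: the second also fetched a stylesheet, and the third made fewer than 10 requests.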