[nsp-sec] seeking contact at AS30496 Colo4Dallas LP

jose nazario jose at arbor.net
Mon Dec 6 19:26:09 EST 2010


in a nutshell this person may be using LOIC and be a part of  
Operation:Payback - anonymous' "war on sanity". their tools are not  
nearly as smooth as they think they are - they use their own IP.

-- jose

On Dec 6, 2010, at 5:41 PM, Maher, Kevin wrote:

> ----------- nsp-security Confidential --------
>
>
> I will add that we have seen similar attack traffic from the same source
> IP multiple times in the last week, including today.
>
> Kevin
>
>
> On 12/6/10 2:32 PM, "Stéphane Dodeller" <dodeller at ip-plus.net> wrote:
>
>> That would interest me too, since one of our customers is under a DDoS of
>> about 40k SYN packets per second from source 72.9.153.142 (possibly
>> spoofed of course) to 194.41.166.15, TCP port 80.
>> I'm sending an email to their abuse team too.
>>
>> Regards
>>
>> Stéphane Dodeller
>> Swisscom/IP-Plus Engineering (AS3303)
>>
>> On 6 Dec 2010, at 20:44, Jose Nazario wrote:
>>
>>> looking for a direct contact here, preferably via an introduction:
>>>
>>>
>>> NetRange:       72.9.144.0 - 72.9.159.255
>>> CIDR:           72.9.144.0/20
>>> OriginAS:       AS30277
>>> NetName:        TAILORMADESERVERS
>>> NetHandle:      NET-72-9-144-0-1
>>> Parent:         NET-72-0-0-0-0
>>> NetType:        Direct Allocation
>>> NameServer:     NS2.DFW-DATACENTER.COM
>>> NameServer:     NS1.DFW-DATACENTER.COM
>>> RegDate:        2007-02-08
>>> Updated:        2009-08-24
>>> Ref:            http://whois.arin.net/rest/net/NET-72-9-144-0-1
>>>
>>> OrgName:        Tailor Made Servers
>>> OrgId:          TMS-52
>>> Address:        4480 Fairway Drive
>>> City:           Carrollton
>>> StateProv:      TX
>>> PostalCode:     75010
>>> Country:        US
>>> RegDate:        2003-08-19
>>> Updated:        2009-09-02
>>> Ref:            http://whois.arin.net/rest/org/TMS-52
>>>
>>>
>>>
>>> peers include:
>>>
>>> OB    AS3356 Level3 Level 3 Communications    ANY AS30496^0-32
>>> B    AS4323 TWTC Autonomous system for tw telecom .
>>> B    AS6461 MFNX MFN - Metromedia Fiber Network
>>> B    AS10930 NOVA-INTERNET Nova Internet Services, Inc.
>>> B    AS14195 LOFTNET LoftNet, LLC
>>> B    AS20202 HAIR-CLUB-FOR-MEN Hair Club for Men LTD
>>> B    AS23486 NETSPAN NETSPAN CORPORATION
>>> B    AS26774 ANGVALLNETWORKS Angvall Networks, Inc.
>>> B    AS32420 AIRPATH Wireless
>>> B    AS32618 ?
>>> B    AS36167 NETRIPLEX01 NETRIPLEX LLC
>>> B    AS36352 Colocrossing-AS
>>> B    AS40431 ?
>>> B    AS40610 ?
>>> B    AS46501 ?
>>>
>>>
>>>
>>>
>>> thank you.
>>>
>>> _____________________________
>>> jose nazario, ph.d. jose at arbor.net
>>> sr. manager of security research, arbor networks
>>> http://asert.arbor.net/
>>>
>>>
>>>
>>> _______________________________________________
>>> nsp-security mailing list
>>> nsp-security at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/nsp-security
>>>
>>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>>> community. Confidentiality is essential for effective Internet security
>>> counter-measures.
>>> _______________________________________________
>>




