[nsp-sec] IMPORTANT: DDoS-RS Reminders

[Tim Wilde]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/13/2010 7:59 AM, SURFcert - Peter wrote:
>> Regarding this I have complaints from a customer who is claiming the IRC
>> servers he is using are legitimate. He was blocked because his computer
>> contacted them. The servers in question are 173.192.206.141 and
>> 178.63.172.193.
> New information seems to indicate these (and others) are IRC servers
> used by Anonymous to discuss Wikileaks and things surrounding that. If
> that is the case I think they should be considered false-positives. And
> yes, people downloading and using LOIC should be handled. But not the
> people discussing.

Peter & Teams,

As I mentioned in my reply earlier, our understanding is that these IRC
servers have been set up specifically for the purpose of launching
attacks, and any intended discussion is, at best, about those attacks,
not about legitimate issues surrounding Wikileaks.  The intended purpose
and potential risk it causes, in our judgment, outweighs the fact that,
yes, as with any IRC server, it's /possible/ to use this server for
legitimate discussions.  There are more than enough IRC servers and
networks out there on which such legitimate discussions can take place,
without a stated agenda and intent to launch attacks from those same
networks.  The stated intent of the operators of this particular network
makes it very unusual from the norm of what we see, and is primarily
what makes it fall into the firmly malicious and thus listable category.

Best regards,
Tim

- -- 
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0Gb64ACgkQluRbRini9tj7pwCfWvMg/u2TgipSUylPnWeEwY+5
lz0Anil2gqMDJbGm8rhds/uJDwMHOo98
=0ZMQ
-----END PGP SIGNATURE-----