[nsp-sec] DDoS mitigation help (AusCERT#20109c4d1)
Scott A. McIntyre
scott at xs4all.net
Sat Jan 9 18:04:07 EST 2010
Hi again,
> I think I found a source in my network - and it's not just targeting those hosts you list, but quite a few others. There's a lot of suspicious tcp syn to 80 at a number of other locations:
>
> 5532 | 194.158.36.230 | TERRANETMALTA Terranet Communications Limited
> 6849 | 212.113.36.19 | UKRTELNET JSC UKRTELECOM,
> 6849 | 91.213.175.34 | UKRTELNET JSC UKRTELECOM,
> 6849 | 91.213.175.4 | UKRTELNET JSC UKRTELECOM,
> 9746 | 203.3.76.26 | IGOLD-AS-AP Online Interactive gaming solution
> 12301 | 91.82.249.53 | INVITEL Invitel, Hungary
> 14135 | 216.205.10.0 | NAVISITE-EAST-2 - Navisite, Inc.
> 46844 | 67.21.86.231 | ST-BGP - SHARKTECH INTERNET SERVICES
The sites being hit:
http://www.betonlive.com/
http://b-muj.ru/
http://www.betanysports.com/
http://phonecam.ru/
http://www.multibet.com/
http://pozdravsms.com/
http://tnt-vip.info/
http://sexoklassniki24.com/
http://www.millioner-love.ru/
All part of the same attack.
Scott A. McIntyre
XS4ALL Internet B.V.