[nsp-sec] UDP Flood - 67.210.170.131
Rob Thomas
robt at cymru.com
Tue Jan 26 16:03:06 EST 2010
Hey, Gerard.
Great info, as always!
> The botnet is using UDP + crypto for the C&C comms towards this /32:
>
> AS   | IP            | AS Name
> 4837 | 119.7.128.223 | CHINA169-BACKBONE CNCGROUP China169 Backbone
Would the associated DNS RR be youare.sexidude.com?
stamp               | qname               | class | type | rdata
------------------- | ------------------- | ----- | ---- | -------------
2010-01-23 17:59:48 | youare.sexidude.com | IN    | A    | 119.7.128.223
Might be another indicator of "you've got bot" for folks.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
https://www.team-cymru.org/
ASSERT(coffee != empty);