[nsp-sec] DDOS against www.de-cix.net
Wolfgang Tremmel
wolfgang.tremmel at de-cix.net
Wed Jan 27 09:35:46 EST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 27.01.10 15:28, Paul Dokas wrote:
> I agree with what others have said that there's likely spoofing going on in this one.
> What I see in our flows looks more like backscatter than outbound attack. Also,
> the machine here (128.101.190.46) is showing no indications of other bad behavior.
thanks - I assume the TCP-SYN attack with spoofed sources is still going on in parallel.
The list I sent were bots which actually were able to establish a tcp connection...
best regards,
Wolfgang
- --
Wolfgang Tremmel e-mail: wolfgang.tremmel at de-cix.net
DE-CIX Management GmbH Phone: +49 69 1730 902-26
Lindleystr. 12, 60314 Frankfurt Mobile: +49 171 8600 816
Geschaeftsfuehrer Harald A. Summa Fax: +49 69 4056 2716
Registergericht AG Koeln, HRB 51135 http://www.de-cix.net
Zentrale: Lichtstr. 43i, 50825 Koeln
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAktgT0EACgkQ0fKk3jl6LK5JTwCcCnS+bpvobsch2zmObOYzgH7r
pF8AoNqAN6oxzYaA5x0Qk4O29+vOSsHO
=qRzy
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list