[nsp-sec] 10Gbps distributed UDP flood against 62.50.74.234(AS8928)
Borja Marcos
BORJAMAR at SARENET.ES
Thu Jun 3 18:03:51 EDT 2010
On 3 Jun 2010, at 23:46, Salusky, William wrote:
> ----------- nsp-security Confidential --------
>
> Having only one traffic source makes this a highly probable false
> positive, but I see some potential C2 comms to the following making my
> spidey senses tingle.
>
> Can anyone else chime in on the legitimacy/evilness of the following?
At least "my" attack source hasn't contacted any of these three IP address today. I've got a couple of hits but it's different customers who have not been attacking.
Borja.
More information about the nsp-security
mailing list