[nsp-sec] 10Gbps distributed UDP flood against 62.50.74.234 (AS8928)
Harri Sylvander
harri.sylvander at csc.fi
Fri Jun 4 03:30:57 EDT 2010
Hiya,

> I would appreciate to hear if anybody else has some additional
> information they can provide us with, especially if this was controlled
> by known C&C.

Two hosts participating in the attack located in AS1741. Constituents
have been contacted and hosts should be offline soon/already.

Echoing Scott's observations, one host was using a static src port
(44450). The other, however, was using random ephemeral ports. Asked
for any possible info related to the compromises - shall see if they
manage to dig something out of the boxes.

Thanks for the heads up!

Cheers,
-hts
--
Harri Sylvander, Funet CERT, CSC - IT Center for Science Ltd.
P.O. Box 405, 02101 Espoo, Finland, tel +358 9 457 2082
CSC is the Finnish IT Center for Science, http://www.csc.fi/
e-mail: harri.sylvander at csc.fi