[nsp-sec] 10Gbps distributed UDP flood against 62.50.74.234(AS8928)
Scott A. McIntyre
scott at xs4all.net
Fri Jun 4 04:56:26 EDT 2010
Hi,
>
> Can anyone else chime in on the legitimacy/evilness of the following?
>
>
> POST /forums.php?fid=149 HTTP/1.1
> Host: muza-flowers.biz
>
> POST /download.php?file=7700233c371b36cd43401a5b22520444 HTTP/1.1
> Host: muza-flowers.biz
>
> POST /search.php?doc_id=440ac345ef5336aa53f11f2c0d88dfd8 HTTP/1.1
> Host: muza-flowers.biz
>
> POST /topic.php?tid=117 HTTP/1.1
> Host: muza-flowers.biz
>
>
Yeah, we've had problems with them for a while now. Definitely evil -
many customers that I've shut down for one reason or another are hitting
this in our walled garden.
Other hits include:
http://muza-flowers.biz/blog.php?
http://muza-flowers.biz/download.php?
http://muza-flowers.biz/entry.php?
http://muza-flowers.biz/forums.php?
http://muza-flowers.biz/index.php?
http://muza-flowers.biz/login.php?
http://muza-flowers.biz/logout.php?
http://muza-flowers.biz/memberlist.php?
http://muza-flowers.biz/newpost.php?
http://muza-flowers.biz/posting.php?
http://muza-flowers.biz/redirect.php?
http://muza-flowers.biz/search.php?
http://muza-flowers.biz/topic.php?
http://muza-flowers.biz/upload.php?
http://muza-flowers.biz/viewforum.php?
http://muza-flowers.biz/YaBB.pl?
So, consider that an ACK on Evil bit being set to 1.
Scott A. McIntyre
XS4ALL Internet B.V.
More information about the nsp-security
mailing list