[nsp-sec] DDoS RS addition request - 91.205.17.4 port 8788/TCP botnet C2

Dave Monnier dmonnier at cymru.com
Sat Jun 12 13:39:34 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/11/10 3:38 PM, Nicholas Ianelli wrote:
> ----------- nsp-security Confidential --------
> 
> So I found the C2 behind all the DDoS attacks against 80.239.232.154 and
> 80.239.232.152:
> 
> 91.205.17.4 port 8788/TCP
> 
> channels:
> 
> #vdm2
> #spd
> #rtg
> #gg
> 
> 
> If folks have traffic to the above IP, please squash it.
> 
> Thanks!
> Nick
> 

Hi Nick,

Sorry for the delayed reply.  I had this note queued up yesterday but
had something interrupt.

This IP was added to the ddosrs on 0608, and its neighbor 91.205.17.5
(related to the same crew etc, probably same host) added on 0610.

Cheers,
- -Dave

- -- 
Dave Monnier
Team Cymru
https://www.team-cymru.org/
PGP: http://www.cymru.com/dmonnier/0x7C1AAE55_pub.asc

* See our Twitter feed at http://twitter.com/teamcymru
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkwTxlYACgkQ+29txnwarlVslQCcD8aFVjACqA70rWXFflN8nrKV
4V0AnReXw9kqEampeVHtSruNEe5de6BN
=dM6z
-----END PGP SIGNATURE-----


