[nsp-sec] Got traffic to: 213.248.122.152
Nicholas Ianelli
ni at centergate.net
Mon Mar 22 17:35:22 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Folks,
There looks to be a spoofed attack (varying types, both syn and udp)
targeting 213.248.122.152. If you could check your flows and see if you
have anything that stands out, it would be hugely appreciated.
Past DDoS attacks towards this customer showed all spoofed traffic,
anything we can do to locate the C2 would be awesome! Please don't block
traffic to 213.248.122.152 as there are legitimate services.
Thanks!
Nick
- --
Nicholas Ianelli: Neustar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAkun4poACgkQi10dJIBjZIC+0wCgkL+Y1h2i9T6/fqh7bMAWYarE
SowAnjOcm0Ntpb9n4Scq9LONg0odHfxU
=nBOh
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list