[nsp-sec] NACK RE: Got traffic to: 213.248.122.152
Matthew.Swaar at us-cert.gov
Mon Mar 22 17:43:48 EDT 2010
Heyo, Nick!
Nothing in my flows, sorry.
Very Respectfully,
US-CERT Ops Center
888-282-0870
POC: Matt Swaar - Analyst
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Nicholas
Ianelli
Sent: Monday, March 22, 2010 5:35 PM
To: 'nsp-security at puck.nether.net'
Subject: [nsp-sec] Got traffic to: 213.248.122.152
----------- nsp-security Confidential --------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Folks,
There looks to be a spoofed attack (varying types, both syn and udp)
targeting 213.248.122.152. If you could check your flows and see if you
have anything that stands out, it would be hugely appreciated.
Past DDoS attacks towards this customer showed all spoofed traffic;
anything we can do to locate the C2 would be awesome! Please don't block
traffic to 213.248.122.152 as there are legitimate services.
Thanks!
Nick
- --
Nicholas Ianelli: Neustar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAkun4poACgkQi10dJIBjZIC+0wCgkL+Y1h2i9T6/fqh7bMAWYarE
SowAnjOcm0Ntpb9n4Scq9LONg0odHfxU
=nBOh
-----END PGP SIGNATURE-----
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the
nsp-security community. Confidentiality is essential for effective
Internet security counter-measures.