[nsp-sec] Got traffic DDoS: 80.239.232.152 and 80.239.232.154 (TCP SYN attack)
Nicholas Ianelli
ni at centergate.net
Thu May 13 22:42:21 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Folks,
The following IP addresses are being targeted by a DDoS (and were being
targeted yesterday):
80.239.232.152
80.239.232.154
The traffic seems largely to be under source port 1300, and focused
solely on port 3724/TCP.
The attack is a SYN flood, most likely all spoofed. Previous patterns
also include a UDP flood, but that is blocked by default so the victims
don't even see it.
It's a long shot, but anyone have anything?
Nick
- --
Nicholas Ianelli: Neustar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAkvsuI0ACgkQi10dJIBjZIBBzQCeJmMFucCrV8Urx3nhtUv9W/0B
9csAoKAOHgTaa2hhPQ956ikVtvMgcyHT
=UXAK
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list