[nsp-sec] need some help with C&C
Igor Gashinsky
igor at yahoo-inc.com
Fri May 14 01:28:44 EDT 2010
Hey guys and gals,
We are seeing a ddos attack against some of the www.yahoo.com vips coming
in at between 10-20Gbps per vip (the attack seems to be moving from one ip
to another) -- it looks to be a really weird tcp syn flood with tcp
options set?!?!, and mostly appearing to be coming from China Telecom. The
IPs targeted so far are 72.30.2.43, 69.147.125.65, 98.137.149.56,
209.191.122.70, and 67.195.160.76.
If anybody can see if they can detect the C&C responsible for this, or the
malware that's doing it, we'd appreciate knowing about it.. For right now,
please don't block the traffic destined to those IPs (it is likely
legitimate traffic to yahoo), unless we've specifically contacted you to
do so...
Thanks in advance,
-igor
--------------------+----------------------+------------------
Igor Gashinsky | Network Architecture | Yahoo! Inc.
igor at yahoo-inc.com | cell 917.807.2213 | Do You... Yahoo?
--------------------+----------------------+------------------