[nsp-sec] abuse.ch packet love(?)
Wes Young
wes at ren-isac.net
Fri Nov 19 15:51:00 EST 2010
neg. :(
Because the NS records were pulled, they're assuming the ISP
nameservers were getting hit. They've been trying to contact their ISP
with no response. It was all up "this morning" (EST, far as I could
tell), then randomly disappeared.
Could possibly be that the ISP just said to hell with it and nuked
them on their own, but figured i'd ask here if anyone noticed anything
to those addresses (within the last 6 hours or so):
ns1.dynamic-net.ch 212.12.114.14
ns2.dynamic-net.ch 213.160.90.82
zeustracker 87.106.254.198
spyeyetracker 82.165.47.254
Chris,
I guess their ISP is the technical contact for abuse.ch, and have the
authority to modify the name-servers. So assuming they either got hit
with something this morning, or made the decision to just /dev/null
them is still up in the air. Kinda sucks for them since it's well past
beer-thirty over there and into the weekend... :)
On Nov 19, 2010, at 3:36 PM, Rob Thomas wrote:
> Hey, Wes.
>
>> the "zeustracker" guys are trying to figure out why their ISP dropped
>> their NS records. Since they've been ddos'd last few days, figured
>> I'd
>> help them reach out here and see if anyone has seen any recent
>> packet-love headed in that direction (while they try to hunt down
>> their
>> ISP). Any insight appreciated (happy friday!).
>
> Any ideas which abuse.ch IP or host was the target? zeustracker v.
> www
> v. dnsbl?
>
> Attack start time in UTC, attack type, etc.?
>
> Thanks!
> Rob.
> --
> Rob Thomas
> Team Cymru
> https://www.team-cymru.org/
> "Say little and do much." M Avot 1:15
>
--
Wes
http://claimid.com/wesyoung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20101119/de0cc391/attachment-0001.sig>
More information about the nsp-security
mailing list