[nsp-sec] UDP53 DDOS -> 174.132.162.7 & 174.120.243.7
Scott A. McIntyre
scott at xs4all.net
Fri Sep 24 05:58:02 EDT 2010
Yonglin,
>
> Here in China it is the third day of Middle Autumn Holiday. Our duty
> man reported again about the udp53 ddos towards 174.132.162.7 &
> 174.120.243.7. This attack also happened on Wednesday. Many Chinese
> IPs were controlled to send out the attack packets. However, we have
> not found the C&C server till now.
> Should any team find the C&C please contact me offlist.
>
We found a few sources in our network - it started with a bit of ICMP,
then we had 80/tcp backscatter, then the UDP from around 2157 GMT+0200
on 21 September.
I'll email you privately with a potential C&C.
Best regards,
Scott A. McIntyre
XS4ALL Internet B.V.