[nsp-sec] UDP53 DDOS -> 174.132.162.7 & 174.120.243.7
Yonglin ZHOU
yonglin.zhou at gmail.com
Fri Sep 24 11:41:33 EDT 2010
Jose,
We saw the attack volume reach about 60G and more. No doubt, if the
botnet were dominated to attack any important system (e.g. DNS gTLD
or some main A servers), it would cause serious damage. So we hope to
find the C&C servers behind it and hopefully destroy them.
Yonglin.
On Fri, Sep 24, 2010 at 11:01 PM, jose nazario <jose at arbor.net> wrote:
> NACK here. would like to hear what you turn up, mind you, to expand our data
> collection efforts (e.g. new families).
>
> On Sep 24, 2010, at 4:00 AM, Yonglin ZHOU wrote:
>
>> Here in China it is the third day of Middle Autumn Holiday. Our duty
>> man reported again about the udp53 ddos towards 174.132.162.7 &
>> 174.120.243.7. This attack also happened on Wednesday. Many Chinese
>> IPs were controlled to send out the attack packets. However, we have
>> not found the C&C server till now.
>> Should any team find the C&C please contact me offlist.
>
> _____________________________
> jose nazario, ph.d. jose at arbor.net
> sr. manager of security research, arbor networks
> http://asert.arbor.net/
>
>
--
----------------- Enjoy the life --------------------
Yonglin ZHOU
Fix line: + 86 10 8299 0355 Fax: +86 10 8299 0399
Email: zyl at cert.org.cn, yonglin.zhou at gmail.com
-------------------------------------------------------------------------