[nsp-sec] DDoS against several .gov.co
Nicholas Ianelli
ni at centergate.net
Thu Apr 14 10:12:33 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Can you provide any attack characteristics. Are we looking at HTTP GET
requests, SYN traffic, UDP flood, spoofing...?
How do we distinguish legitimate traffic from DDoS traffic?
Thanks!
Nick
On 4/13/2011 9:15 PM, David Jiménez wrote:
> ----------- nsp-security Confidential --------
>
> Hi folks,
>
> Anonymous Chapters from Mexico, Colombia, Spain, Argentina and other
> countries started a DDoS against the Colombian senate, presidential,
> justice ministry and the e-government pages since April 11 at 19hrs
> (GMT).
>
> Colombian Government is in the way to establish its own CERT, right
> now they are asking other CERTs in the region for help in order to
> track this activity outside Colombia and directed to the following
> IPs:
>
> Host name: www.senado.gov.co
> IP address: 201.245.176.100
>
> Host name: www.gobiernoenlinea.gov.co
> IP address: 201.234.78.92
>
> Host name: www.presidencia.gov.co
> IP address: 190.66.1.211
>
> Host name: www.mij.gov.co
> IP address: 190.27.214.226
>
> Host name: www.mintic.gov.co
> IP address: 184.106.30.254
>
>
> It would be great If you can help us to track the activity to this IPs
> to share them afterwards, Mexican, Spanish, Colombian and Argentinian
> hacktivists are involved in the attack, because the approval of the
> Lleras Law in Colombia. The Federal Police of Colombia have warned
> Colombian ISPs and the Presidential Office.
>
> Thanks for your help.
>
- --
Nicholas Ianelli: Neustar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
iEYEARECAAYFAk2nANEACgkQi10dJIBjZIDgbgCeJXvulMf8xvyE3/FefDnupDRP
cnAAoMoqSbz4LazkUBMEH06XEoTGzMKj
=6Li7
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list