[nsp-sec] DDoS against several .gov.co

Carles Fragoso cfragoso at cesicat.cat
Thu Apr 14 10:39:58 EDT 2011


I don't know if it is related or not ... but there is an active Anonymous Hispano chapter taking care of several DDoS Operations in Spain, Colombia and Mexico.

In Spain there is a current Operation launched at 9.00 CEST/GMT+2 against several national banks; the first target has been BBVA (www.bbva.es - 89.107.176.83 - AS15810), to complain against Mortgage (hipoteca) government/bank agreements.

Website
http://www.anonymous-spain.es

IRC Server / Channel
indigo.anonops.in #hispano

-Zapatero:#hispano- Channel Topic: ....... - ...... - ....... || #OpSpain - #OpMexico - #OpColombia || Target: www.bbva.es | Status: firing | Hive: loic.anonops.in - 6667 - #Hispano-loic INFO OP: http://goo.gl/7ceOx - Video: http://goo.gl/0tNH9

Command sent in the #hispano channel:
!Opcolombia
Para la información sobre las operaciones de #OpColombia entra en: http://goo.gl/dNjzq

Website that leads to hispano.piratenpad.de
http://goo.gl/dNjzq

Twitter hashtags
#ophipoteca #OpSpain

Tools are the common Anonymous ones:
!linux
Downloads: !pyloic (Python) || !javaloic (Java) || !hping (Shell) || !slowloris (Perl) || !mauzh (C) || !loiq (C++)

!mac
Mac Downloads: !hping (Terminal) || !pyloic [HIVEMIND] (Uses Python) || !javaloic (Uses Java 6)

!windows
Descargas para Windows: !loic [HIVEMIND] (Usa .NET) || !pyloic [HIVEMIND] (Usa Python) || !javaloic (Usa Java 6) || !slowpost (HTTP Post) || !hping (CMD Line)

!ataqueweb
MobileLOIC: http://goo.gl/h3rL0 || jsLOIC: http://goo.gl/Rp1Gp || WebLOIC (no usarlo en PCs lentos): http://webloic.com || Si puedes, usa un LOIC real, es mucho mas efectivo. !windows !mac !linux

Regards,

-- Carlos

On Apr 14, 2011, at 4:12 PM, Nicholas Ianelli wrote:

----------- nsp-security Confidential --------

Can you provide any attack characteristics? Are we looking at HTTP GET
requests, SYN traffic, UDP flood, spoofing...?

How do we distinguish legitimate traffic from DDoS traffic?

Thanks!
Nick


On 4/13/2011 9:15 PM, David Jiménez wrote:

Hi folks,

Anonymous Chapters from Mexico, Colombia, Spain, Argentina and other
countries started a DDoS against the Colombian senate, presidential,
justice ministry and the e-government pages since April 11 at 19hrs
(GMT).

The Colombian Government is on the way to establishing its own CERT; right
now they are asking other CERTs in the region for help in order to
track this activity outside Colombia and directed to the following
IPs:

Host name: www.senado.gov.co
IP address: 201.245.176.100

Host name: www.gobiernoenlinea.gov.co
IP address: 201.234.78.92

Host name: www.presidencia.gov.co
IP address: 190.66.1.211

Host name: www.mij.gov.co
IP address: 190.27.214.226

Host name: www.mintic.gov.co
IP address: 184.106.30.254


It would be great if you can help us to track the activity to these IPs
to share them afterwards. Mexican, Spanish, Colombian and Argentinian
hacktivists are involved in the attack, because of the approval of the
Lleras Law in Colombia. The Federal Police of Colombia have warned
Colombian ISPs and the Presidential Office.

Thanks for your help.



--
Nicholas Ianelli: Neustar, Inc.
Security Operations

46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz
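
One way to act on the request to track activity toward the listed addresses, sorted into the traffic classes asked about above, is to summarize flow records per target. This is an added example, not part of the thread; the CSV column layout, the sample flows (documentation-range sources) and the class names are constructed assumptions.

```python
import csv, io
from collections import Counter, defaultdict

# Destination addresses listed in the request on this page.
TARGETS = {"201.245.176.100", "201.234.78.92", "190.66.1.211",
           "190.27.214.226", "184.106.30.254"}

# Constructed flow export (not real traffic); column names are assumptions.
SAMPLE_FLOWS = """src,dst,proto,dport,tcp_flags,packets,bytes
192.0.2.10,201.245.176.100,6,80,S,400,24000
192.0.2.10,201.245.176.100,6,80,S,380,22800
198.51.100.7,201.245.176.100,6,80,SAPF,12,5400
203.0.113.5,190.66.1.211,17,80,,900,1260000
198.51.100.7,190.66.1.211,6,80,SAPF,10,4800
203.0.113.9,192.0.2.200,6,80,S,50,3000
"""

def classify(proto, dport, flags):
    """Map one flow to a coarse traffic class (UDP, SYN-only, completed HTTP)."""
    if proto == 17:
        return "udp"
    if proto == 6:
        if "S" in flags and "A" not in flags:
            return "syn-only"          # handshake never completed in this flow
        if dport in (80, 443):
            return "http-established"  # completed TCP to a web port
        return "tcp-other"
    return "other"

def summarize(flow_csv, targets=TARGETS):
    """Return {target: {class: Counter(src -> packets)}} for flows to targets."""
    out = defaultdict(lambda: defaultdict(Counter))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["dst"] not in targets:
            continue  # ignore traffic to addresses outside the request
        cls = classify(int(row["proto"]), int(row["dport"]), row["tcp_flags"])
        out[row["dst"]][cls][row["src"]] += int(row["packets"])
    return out

def top_sources(summary, target, cls, n=10):
    """Heaviest sources for one target and traffic class."""
    return summary[target][cls].most_common(n)

if __name__ == "__main__":
    s = summarize(SAMPLE_FLOWS)
    for dst in sorted(s):
        for cls in sorted(s[dst]):
            print(dst, cls, top_sources(s, dst, cls))
```

Source addresses in the `syn-only` and `udp` classes can be spoofed, so they are weaker evidence of origin than sources seen completing TCP connections.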
