[nsp-sec] DDoS against several .gov.co

David Jiménez ddavinci at gmail.com
Thu Apr 14 15:26:46 EDT 2011


Hi Nick,

It was HTTP GET requests to port 80/tcp, although there were HTTP
requests to random TCP ports.

Regards

On Thu, Apr 14, 2011 at 9:12 AM, Nicholas Ianelli <ni at centergate.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Can you provide any attack characteristics? Are we looking at HTTP GET
> requests, SYN traffic, UDP flood, spoofing...?
>
> How do we distinguish legitimate traffic from DDoS traffic?
>
> Thanks!
> Nick
>
>
> On 4/13/2011 9:15 PM, David Jiménez wrote:
>> ----------- nsp-security Confidential --------
>>
>> Hi folks,
>>
>> Anonymous Chapters from Mexico, Colombia, Spain, Argentina and other
>> countries started a DDoS against the Colombian senate, presidential,
>> justice ministry and the e-government pages since April 11 at 19hrs
>> (GMT).
>>
>> The Colombian Government is on the way to establishing its own CERT;
>> right now they are asking other CERTs in the region for help in order to
>> track this activity outside Colombia and directed to the following
>> IPs:
>>
>> Host name: www.senado.gov.co
>> IP address: 201.245.176.100
>>
>> Host name: www.gobiernoenlinea.gov.co
>> IP address: 201.234.78.92
>>
>> Host name: www.presidencia.gov.co
>> IP address: 190.66.1.211
>>
>> Host name: www.mij.gov.co
>> IP address: 190.27.214.226
>>
>> Host name: www.mintic.gov.co
>> IP address: 184.106.30.254
>>
>>
>> It would be great if you can help us to track the activity to these IPs
>> to share them afterwards. Mexican, Spanish, Colombian and Argentinian
>> hacktivists are involved in the attack because of the approval of the
>> Lleras Law in Colombia. The Federal Police of Colombia have warned
>> Colombian ISPs and the Presidential Office.
>>
>> Thanks for your help.
>>
>
>
> - --
> Nicholas Ianelli: Neustar, Inc.
> Security Operations
>
> 46000 Center Oak Plaza Sterling, VA 20166
> +1 571.434.4691 - http://www.neustar.biz
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
>
> iEYEARECAAYFAk2nANEACgkQi10dJIBjZIDgbgCeJXvulMf8xvyE3/FefDnupDRP
> cnAAoMoqSbz4LazkUBMEH06XEoTGzMKj
> =6Li7
> -----END PGP SIGNATURE-----
>



-- 
Inspector David Jimenez  (GCIA, GCFW)
--------------------------------------------------------------------------------------------------------------
CERT-MX Operations Director
E-Crime Prevention Unit
Scientific Division, Mexico Federal Police/SSP
E-mail: david.jimenezd at ssp.gob.mx
Phone: +52 55 11036000 ext 29110
PGP: 1937 EF11 0521 B628 7228 4699 2BAE 4D94 778B 1885



