[nsp-sec] Chinanet SIP attack
Nicholas Ianelli
ni at allyourinfoarebelongto.us
Fri Aug 12 09:29:28 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
So awhile back Wang Hua was vetted onto NSP-SEC.
DayPhone: 86-10-58501727
24hrPhone: 86-10-58531727
INOC-DBA Phone: 86-10-58503666
Company/Employer: china telecom
ASNs Responsible for: 4134
wanghua at cndata.com
In working with Wang, he introduced me to Liu. Recently I've been
working with Liu on some DNS based DDoS attacks.
liuzq at chinatelecom.com.cn
Ziqian Liu (Dr.)
Network Operation Center, Network Operation and Maintenance Department
China Telecommunications Corporation
Tel: +86 10 59502319
Addr: NO.19, ChaoYangMen North Street, Dongcheng District,
Beijing, P.R.China(ZIP Code: 100010)
Feel free to pass my name along. Hope this helps.
You may also wish to reach out directly to Barry Greene or Paul Vixie.
Nick
On 08/11/2011 08:10 PM, Saunders, D'Wayne S wrote:
> ----------- nsp-security Confidential --------
>
> Hi all,
> Anyone got a contact for CHINANET-BACKBONE? One of our ADSL customers has
> been getting some SIP packet love from 122.227.235.162
> We have filtered it by ACL and tried to contact the ISP with no joy.
> Hoping others may have a better way to contact the ISP or help stop
> traffic.
>
>
>
> Source:
> 122.227.235.162Destination:
> 165.228.95.76
>
>
>
> whois -h whois.cymru.com 122.227.235.162
> AS | IP | AS Name
> 4134 | 122.227.235.162 | CHINANET-BACKBONE No.31,Jin-rong Street
>
>
>
>
>
> Regards,
>
> D'Wayne Saunders
>
> Ph: (03) 8647 5889
>
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5FKrUACgkQi10dJIBjZIAXewCg5egd0kNQrlybbQ0bUBOmKf/o
rHIAoNJY+bQoZKXFb3RdQZMm8RiI4CuN
=CvMW
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list