[nsp-sec] DDoS attack - SYN Flood - Target: 209.242.125.24 port 80/TCP
Nicholas Ianelli
ni at allyourinfoarebelongto.us
Fri Aug 19 20:17:17 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Still seeing an active attack, but slowing (brunt of the attack was
between 0300-0800 EDT today). Target information:
209.242.125.24 port 80/TCP
19384 | 209.242.125.24 | GRAMTEL001 - GramTel USA, Inc.
PEER_AS | IP | AS Name
174 | 209.242.125.24 | COGENT Cogent/PSI
30023 | 209.242.125.24 | CBTSCNDC - Cincinnati Bell Technology Solutions
Anyone seeing a large amount of SYN packets destined to this host
(possibly spoofed)?
C2 information would be very helpful.
Nick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5O/Q0ACgkQi10dJIBjZIDdFQCgpAer611YyqdbH1Wyh6/GzCmD
0gAAn3NXFzsD4Mq6dh6De3XLeWtIMVJe
=RRWM
-----END PGP SIGNATURE-----