[nsp-sec] DDoS attack - SYN Flood - Target: 209.242.125.24 port 80/TCP

Yiming Gong yiming.gong at xo.com
Mon Aug 22 10:24:08 EDT 2011


I see a very small amount of traffic going to that destination on port 
80 on our network during that time frame. Guess we did not carry much 
attacking traffic.

Yiming

On 08/19/2011 07:17 PM, Nicholas Ianelli wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Still seeing an active attack, but slowing (brunt of the attack was
> between 0300-0800 EDT today). Target information:
>
> 209.242.125.24 port 80/TCP
>
> 19384   | 209.242.125.24   | GRAMTEL001 - GramTel USA, Inc.
>
>
> PEER_AS | IP               | AS Name
> 174     | 209.242.125.24   | COGENT Cogent/PSI
> 30023   | 209.242.125.24   | CBTSCNDC - Cincinnati Bell Technology Solutions
>
>
> Anyone seeing a large amount of SYN packets destined to this host
> (possibly spoofed)?
>
> C2 information would be very helpful.
>
> Nick
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk5O/Q0ACgkQi10dJIBjZIDdFQCgpAer611YyqdbH1Wyh6/GzCmD
> 0gAAn3NXFzsD4Mq6dh6De3XLeWtIMVJe
> =RRWM
> -----END PGP SIGNATURE-----




