[nsp-sec] [DDoS - City of New York]

White, Gerard Gerard.White at bellaliant.ca
Mon Aug 22 14:19:51 EDT 2011


Greetings.

I had a look at a few of these sources in our neck of the Internet woods (577) and they're all MTAs.

I would hazard to guess they're getting hammered with bounces as a result of an extensively spammed Joe Job...

GW
855 (and sometimes 577)


-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of James J. Barlow
Sent: August-22-11 3:08 PM
To: nsp-security at puck.nether.net
Cc: pmedina at doitt.nyc.gov
Subject: [nsp-sec] [DDoS - City of New York]

----------- nsp-security Confidential --------

Forwarding this for a colleague who used to be in nsp-sec regarding a
DDoS that is hitting his employer's site.


----- Forwarded message from "Medina, Par (Consultant)" <pmedina at doitt.nyc.gov> -----

Hello nsp-sec,

This is Pär Österberg Medina, used to work for Sitic/CERT-SE but have
now moved to the US, currently working at the City of New York.

The domain nyc.gov is currently being the target of a DDoS attack. The
attack consists of connections on TCP port 25 towards our mail servers,
vwall{1,2,3,4}.nyc.gov. Attached are four files with offending IPs
collected during the time 07:20 to 09:15 (UTC-4) last Friday 8/19/11.

Please pass along any information you can regarding the Botnet that
is behind this. Samples of the Bot that is being used are also greatly
appreciated ;)

Kind regards
--
Pär Österberg Medina
Security Operations Center
Dept of Information Technology  
& Telecommunications for 
City of New York
http://www.nyc.gov
+1 718-403-8238

