[nsp-sec] [DDoS - City of New York]
CERT-UT - Peter
p.g.m.peters at utwente.nl
Tue Aug 23 10:42:15 EDT 2011
Hi,
James J. Barlow wrote on 22-08-2011 19:37:
> This is Pär Österberg Medina, used to work for Sitic/CERT-SE but have
> now moved to the US, currently working at the City of New York.
>
> The domain nyc.gov is currently being the target of a DDoS attack. The
> attack consists of connections on TCP port 25 towards our mail servers,
> vwall{1,2,3,4}.nyc.gov. Attached are four files with offending IPs
> collected during the time 07:20 to 09:15 (UTC-4) last Friday 8/19/11.
>
> Please pass along any information you can regarding the Botnet that
> is behind this. Samples of the Bot that is being used are also greatly
> appreciated ;)
I have found a couple of our MX hosts in the list. A check on one of the
servers found 1822 attempts to deliver e-mail to a non-existing address
using a sender address of in the nyc.gov domain.
These attempts came from a total of 713 unique IP addresses. I have no
access to the bots that sent out the e-mail.
--
Peter Peters
CERT-UT Officer
cert at utwente.nl http://www.utwente.nl/itsecurity
office-hours: +31 53 489 2301