[nsp-sec] ACK [DDoS - City of New York]

[Taka Mizuguchi]

Ack for japanese ASN.

2497
2510
2514
2516
2518
2519
2527
2554
4675
4677
4678
4685
4686
4691
4693
4694
4711
4713
4716
4721
4725
7505
7506
7514
7516
7529
7663
7670
7671
7677
7678
7687
9353
9355
9358
9365
9370
9371
9597
9600
9605
9622
9993
9998
9999
10006
10010
10013
10015
17506
17511
17513
17514
17530
17676
17689
17691
17693
17697
17707
17941
17971
17974
18068
18081
18088
18126
18128
18138
23613
23637
23779
23784
23824
24282
24572
37897
37907
37916
38633
38635
38642


-------- Original Message --------

--

Howard Hicks

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of James J. Barlow
> Sent: Monday, August 22, 2011 12:38 PM
> To: nsp-security at puck.nether.net
> Cc: pmedina at doitt.nyc.gov
> Subject: [nsp-sec] [DDoS - City of New York]
>
> ----------- nsp-security Confidential --------
>
> Forwarding this for a colleague who used to be in nsp-sec regarding a
> DDoS that is hitting his employers site.
>
>
> ----- Forwarded message from "Medina, Par (Consultant)"
> <pmedina at doitt.nyc.gov> -----
>
> Hello nsp-sec,
>
> This is Pär Österberg Medina, used to work for Sitic/CERT-SE but have
> now moved to the US, currently working at the City of New York.
>
> The domain nyc.gov is currently being the target of a DDoS attack. The
> attack consist of connection omn TCP port 25 towards our mail servers,
> vwall{1,2,3,4}.nyc.gov. Attached are four files with offending IPs
> collected during the time 07:20 to 09:15 (UTC-4) last Friday 8/19/11.
>
> Please pass along any information you can regarding the Botnet that
> is behind this. Samples of the Bot that is being used is also greatly
> appreciated ;)
>
> Kind regards
> --
> Pär Österberg Medina
> Security Operations Center
> Dept of Information Technology
> & Telecommunications for
> City of New York
> http://www.nyc.gov
> +1 718-403-8238


-- 
Taka Mizuguchi