[nsp-sec] Possible DoS attack
Matthew.Swaar at us-cert.gov
Matthew.Swaar at us-cert.gov
Wed Dec 14 19:06:37 EST 2011
I've seen no traffic, but I've heard reports that the State of Minnesota public website is getting some packet-love today. The victim site is www.state.mn.us which uses IPS 156.98.89.81 and 207.171.110.89. (Both IPS are receiving the offending packets.) The vector appears to be UDP-80 traffic.
I've been provided with 2 source IPS for this traffic, but given the protocol, these could just be being consistently spoofed, so take with a grain of salt:
88.191.146.244 (sd-31125.dedibox.fr (FR-DEDIBOX, Dedibox SAS, Paris FR netblock))
50.17.95.181 (ec2-50-17-95-181.compute-1.amazonaws.com (AMAZON-EC2, Amazon.com, Inc., Seattle WA netblock))
If anyone can assist (info, squishing any spoofing sources, etc) I would appreciate it.
Very Respectfully,
US-CERT Ops Center
888-282-0870
POC: Matt Swaar - Analyst
More information about the nsp-security
mailing list