[nsp-sec] UDP love against AS5539

sthaug at nethelp.no sthaug at nethelp.no
Fri Dec 23 04:20:41 EST 2011


> So, what I'd like you to do is to check your telemetry for flows to
>    dst ip = 194.97.147.57
>    proto = udp
>    dst port = 27660
> 
> ... if you see any of this, it's not legit.  This is a web server, it has
> nothing but tcp/80 and tcp/443.

One source in AS 2116 identified from netflow data. Not spoofed. Handed
off to abuse.

Steinar Haug, AS 2116
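
An added example, not part of the original message or of either poster's tooling: one way to apply the quoted filter to exported flow records and total the matching traffic per source before handing it to abuse. The CSV column layout, the function name `matching_sources` and all sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Filter from the request quoted above.
DST_IP, PROTO, DST_PORT = "194.97.147.57", "udp", 27660

# Constructed sample flow export (not real telemetry). The column layout is an
# assumption; source addresses are taken from documentation ranges.
SAMPLE_FLOWS = """\
start,src_ip,dst_ip,proto,dst_port,packets,bytes
2011-12-23T08:01:10,192.0.2.10,194.97.147.57,udp,27660,1200,1680000
2011-12-23T08:01:12,198.51.100.7,194.97.147.57,tcp,80,14,9100
2011-12-23T08:02:40,192.0.2.10,194.97.147.57,udp,27660,900,1260000
2011-12-23T08:03:05,203.0.113.5,194.97.147.57,udp,53,2,180
2011-12-23T08:03:30,198.51.100.99,194.97.147.57,UDP,27660,50,70000
2011-12-23T08:04:00,192.0.2.10,198.51.100.1,udp,27660,5,400
"""

def matching_sources(flow_csv):
    """Return (src_ip, totals) pairs for flows matching the quoted filter,
    sorted by bytes descending."""
    totals = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0,
                                  "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        # All three conditions must hold; protocol names vary in case
        # between exporters, so compare case-insensitively.
        if (row["dst_ip"] != DST_IP or row["proto"].lower() != PROTO
                or int(row["dst_port"]) != DST_PORT):
            continue
        t = totals[row["src_ip"]]
        t["flows"] += 1
        t["packets"] += int(row["packets"])
        t["bytes"] += int(row["bytes"])
        # ISO 8601 timestamps order correctly as plain strings.
        t["first"] = min(filter(None, (t["first"], row["start"])))
        t["last"] = max(filter(None, (t["last"], row["start"])))
    return sorted(totals.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    for src, t in matching_sources(SAMPLE_FLOWS):
        print(f"{src}  flows={t['flows']} pkts={t['packets']} "
              f"bytes={t['bytes']}  {t['first']} .. {t['last']}")
```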


