[nsp-sec] Sustained hacking, attempting to divert email to Chinese IPs from human rights org...
Stephen Wilcox
steve.wilcox at packetrade.com
Fri Dec 23 13:29:10 EST 2011
I've figured out what these guys are trying to do and it's very deliberate and
targeted. They are trying to divert email from a well known human rights
org by hijacking DNS.
This started at the end of November, but the intent to modify zone files appeared
yesterday.
Is anyone else working on this? Anyone able to look at the below IPs?
Here are the IPs involved:
thanks
Steve