[nsp-sec] What about 69.43.160.174? (was: Re: Please confirm DDoS entry 208.73.210.29)
Rune Sydskjør
rune.sydskjor at uninett.no
Wed Feb 23 03:02:01 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
On 02/22/2011 05:48 PM, Dave Monnier wrote:
>> We generated 400+ reports in the past 26 hours due to a new DDoS entry
>> of 208.73.210.29.
>
>> Can you please recheck this IP to see if it should have the services bit
>> set ?
>
>
>> Thanks,
>
>
> Hey, Jason.
>
> Thanks for the heads up. As Chris mentioned, this is Oversee. They
> look to have squashed the c&c, or broken the link to it with their
> service. The actual c&c goes back to 2010 and just moved to their network.
>
> The entry has been removed.
What about 69.43.160.174, which we also had a lot of reports on today?
Passive dns has over 9000 hits, so this is cleary a web hotel.
Regards,
Rune Sydskjør, UNINETT AS224
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFNZL75RY0ei6C6y0kRAudjAKCTfsAuqLmkLcmrojxheonJYl4WzwCfYKXS
mceXgMM9mTbvr8jvrWZvu4o=
=o/E6
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list