[nsp-sec] Bitcoin DDoS-RS entries
James J. Barlow
jbarlow at ncsa.uiuc.edu
Tue Jun 7 01:14:45 EDT 2011
Anyone know how the following got into the DDoS list:
29169 | GANDI-AS Gandi SAS - Domain name registrar - http://www.gandi.net | 173.246.103.92 | tcp | 6667 | 2011-06-06 22:01:42 | 2011-06-14 22:01:42 | bot | 0 | 0 | ID: pelican.heliacal.net DNSRR: irc.lfnet.org
50763 | MCKAYCOM MCKAYCOM LTD | 193.107.204.22 | tcp | 6667 | 2011-06-06 22:01:42 | 2011-06-14 22:01:42 | bot | 0 | 0 | ID: irc.lechat.ir DNSRR: irc.lfnet.org
Those servers (and other associated with irc.lfnet.org) are used for
bitcoin:
http://en.wikipedia.org/wiki/Bitcoin
http://www.bitcoin.org/
While one may use bitcoins for some nefarious purposes:
http://www.wired.com/threatlevel/2011/06/silkroad/
I don't think the service is malicious.
--
James J. Barlow <jbarlow at ncsa.illinois.edu>
Head of Security Operations and Incident Response
National Center for Supercomputing Applications Office : (217)244-6403
1205 West Clark Street, Urbana, IL 61801 Cell : (217)840-0601
http://www.ncsa.illinois.edu/~jbarlow Fax : (217)244-1987
More information about the nsp-security
mailing list