[nsp-sec] DDoS towards 12.19.225.108
Nicholas Ianelli
ni at allyourinfoarebelongto.us
Tue Nov 1 11:25:00 EDT 2011

Folks,

I've been given permission to share this with you. Currently a DDoS
attack is ongoing targeting 12.19.225.108. This is a financially
motivated attack, similar to what was seen October 21/22.

At that time the C2s directing the attack were:

s0r.ru
193.105.240.212

Both of these were Dirt Jumper based botnets.

While I'm still gathering information, I'm asking for assistance in
tracking down IPs sending large amounts of packets to 12.19.225.108
(it's believed to be port 80/TCP based).

I'm trying to find the C2, but if you can squash contributors, that
would be awesome.

Thanks!

Nick