[nsp-sec] DDoS towards 12.19.225.108

Nicholas Ianelli ni at allyourinfoarebelongto.us
Tue Nov 1 11:33:29 EDT 2011


Update 1: looks like there is a lot of port 443/TCP hitting the site as
well. Waiting on some log files.

On 11/01/2011 03:25 PM, Nicholas Ianelli wrote:
> ----------- nsp-security Confidential --------
> 
> Folks,
> 
> I've been given permission to share this with you. Currently a DDoS
> attack is ongoing targeting 12.19.225.108. This is a financially
> motivated attack, similar to what was seen October 21/22.
> 
> At that time the C2s directing the attack were:
> 
> s0r.ru
> 193.105.240.212
> 
> Both of these were Dirt Jumper based botnets.
> 
> While I'm still gathering information, I'm asking for assistance in
> tracking down IPs sending large amounts of packets to 12.19.225.108
> (it's believed to be port 80/TCP based).
> 
> I'm trying to find the C2, but if you can squash contributors, that
> would be awesome.
> 
> Thanks!
> Nick

_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
_______________________________________________
