[nsp-sec] pay 100 btc(bitcoin) or will be subjected to DDoS attacks 100 Gbit/s

Christoph Sprongl ch at it-austria.net
Wed Sep 7 13:28:29 EDT 2011


Hi Felix,

Yes, what kind of User-Agent did you see in the logs, or was it a bandwidth
attack rather than an HTTP one?

cheers,
ch

> ----------- nsp-security Confidential --------
>
>>
>
>> Here was the list of domains I collected being targeted yesterday
>> (212):
>>
> www.bigload.de
> www.der-onlinekredit.de
> www.essential-freebies.de
> www.mein-rechtsanwalt.de
> www.munich-business-school.de
> www.top-duesseldorf-immobilien.de
>
> confirmed for AS20773. For the above six entries from your list we got
> extortion mails stating basically "Send bitcoins or we attack with
> 100Gbit/s", and at least "www.der-onlinekredit.de" and
> "www.top-duesseldorf-immobilien.de" were hit for the last 24 hours with
> lots of unspoofed HTTP GET queries for various parts of the sites,
> apparently crawling through the site in a fashion that almost looked
> like normal users. I'm having colleagues checking whether the other
> sites got hit as well. Would there be anything we could log or check in
> sampling stats that might be of help to someone?
>
> Kind regards,
>
> Felix
>
>
> - --
> Felix Schüren
> Head of Network
>
> - -----------------------------------------------------------------------
> Host Europe GmbH - http://www.hosteurope.de
> Welserstraße 14 - 51149 Köln - Germany
> Phone: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
> HRB 28495 Amtsgericht Köln - VAT ID no.: DE187370678
> Managing directors: Patrick Pulvermüller, Thomas Vollrath
>
> (*) 0.14 EUR/min from German landlines; at most 0.42 EUR/min from
> German mobile networks
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
>
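
One way to answer the User-Agent question from web-server access logs, as an added example that is not part of either message: it tallies User-Agent strings for GET requests and lists source IPs whose requests spread across many distinct paths, the crawl-like pattern described in the quoted mail. The combined log format, the thresholds, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed input: Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def summarize(lines, min_requests=4, min_distinct_ratio=0.8):
    """Return (User-Agent counts, crawl-like source IPs, unparsable line count).

    Thresholds are illustrative assumptions; tune them against a baseline
    of the site's normal traffic before acting on the result.
    """
    ua_counts = Counter()
    per_ip = defaultdict(lambda: {"requests": 0, "paths": set()})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # keep a count so parse gaps are visible
            continue
        if m["method"] != "GET":  # the report concerns HTTP GET floods
            continue
        ua_counts[m["ua"]] += 1
        rec = per_ip[m["ip"]]
        rec["requests"] += 1
        rec["paths"].add(m["path"].split("?", 1)[0])  # ignore query strings
    suspects = sorted(
        ip for ip, r in per_ip.items()
        if r["requests"] >= min_requests
        and len(r["paths"]) / r["requests"] >= min_distinct_ratio
    )
    return ua_counts, suspects, skipped

# Constructed sample lines (documentation IP ranges, made-up agents).
SAMPLE = [
    f'192.0.2.10 - - [07/Sep/2011:10:00:0{i} +0200] "GET /page{i}.html HTTP/1.1" 200 512 "-" "ExampleAgent/1.0"'
    for i in range(5)
] + [
    f'198.51.100.7 - - [07/Sep/2011:10:00:1{i} +0200] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (constructed)"'
    for i in range(4)
] + [
    '203.0.113.5 - - [07/Sep/2011:10:00:20 +0200] "POST /login HTTP/1.1" 302 0 "-" "ExampleAgent/1.0"',
    'garbage line that is not in combined log format',
]

if __name__ == "__main__":
    uas, suspects, skipped = summarize(SAMPLE)
    print(uas.most_common(), suspects, skipped)
```

Because the reported sources were unspoofed, the per-IP list can be compared with flow-sampling data for the same time window.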




