[nsp-sec] Apparent outbound DDoS attacks against: 79.116.2.258, 204.188.217.52, 60.247.126.128 and 202.79.7.22

John Fraizer john at op-sec.us
Fri Sep 16 16:43:23 EDT 2011


Ya, but the host also has current flows to a DDoS-RS host as well though.
Coincidence?

2011-09-16 20:07:08.374     0.000 TCP      74.112.172.29:56160 -> 74.55.36.105:3303         1       60     1
2011-09-16 20:08:39.031     0.000 TCP      74.112.172.29:56160 -> 74.55.36.105:3303         1       60     1
2011-09-16 20:10:08.874     0.000 TCP      74.112.172.29:56160 -> 74.55.36.105:3303         1       60     1
2011-09-16 20:29:38.501     0.000 TCP      74.112.172.29:56160 -> 74.55.36.105:3303         1       60     1



On Fri, Sep 16, 2011 at 4:40 PM, Chris Morrow <morrowc at ops-netman.net> wrote:

> this kinda feels like a regular old normal irc controlled botnet taking out
> someone's competition for a channel.
>
> On 09/16/11 16:37, John Fraizer wrote:
>
>> ----------- nsp-security Confidential --------
>>
>>
>> New target: 141.30.37.165 TCP/53
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>> community. Confidentiality is essential for effective Internet security
>> counter-measures.
>> _______________________________________________
>>
>


