[nsp-sec] Apparent outbound DDoS attacks against: 79.116.2.258, 204.188.217.52, 60.247.126.128 and 202.79.7.22
Chris Morrow
morrowc at ops-netman.net
Fri Sep 16 16:49:07 EDT 2011
On 09/16/11 16:43, John Fraizer wrote:
> Ya, but the host also has current flows to a DDoS-RS host as well
> though. Coincidence?
>
Connected to 74.55.36.105.
Escape character is '^]'.
220 Welcome to the FTP service at Levelstar!
suspect someone's machine is compromised :( ThePlanet can probably fix
this :)
> 2011-09-16 20:07:08.374 0.000 TCP74.112.172.29:56160 <http://74.112.172.29:56160> -> 74.55.36.105:3303 <http://74.55.36.105:3303> 1 60 1
>
> 2011-09-16 20:08:39.031 0.000 TCP74.112.172.29:56160 <http://74.112.172.29:56160> -> 74.55.36.105:3303 <http://74.55.36.105:3303> 1 60 1
> 2011-09-16 20:10:08.874 0.000 TCP74.112.172.29:56160 <http://74.112.172.29:56160> -> 74.55.36.105:3303 <http://74.55.36.105:3303> 1 60 1
>
> 2011-09-16 20:29:38.501 0.000 TCP74.112.172.29:56160 <http://74.112.172.29:56160> -> 74.55.36.105:3303 <http://74.55.36.105:3303> 1 60 1
>
>
>
> On Fri, Sep 16, 2011 at 4:40 PM, Chris Morrow <morrowc at ops-netman.net
> <mailto:morrowc at ops-netman.net>> wrote:
>
> this kinda feels like a regular old normal irc controlled botnet
> taking out someone's competition for a channel.
>
> On 09/16/11 16:37, John Fraizer wrote:
>
> ----------- nsp-security Confidential --------
>
>
> New target: 141.30.37.165 TCP/53
>
>
> _________________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net <mailto:nsp-security at puck.nether.net>
> https://puck.nether.net/__mailman/listinfo/nsp-security
> <https://puck.nether.net/mailman/listinfo/nsp-security>
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective Internet
> security counter-measures.
> _________________________________________________
>
>
More information about the nsp-security
mailing list