[nsp-sec] ACK .. Re: UDP flood against 83.218.20.202 - assistance tracking C&C & hackanonymous

Marc Kneppers Marc.Kneppers at TELUS.COM
Thu Apr 12 20:02:30 EDT 2012


ACK for AS852
We'll check on that IP.

-
Marc Kneppers
Sr. Security Architect
SES, CTO, TELUS



On 12-04-12 2:45 PM, "Steve Colam" <sjc at eng.gxn.net> wrote:

>----------- nsp-security Confidential --------
>
>Hola Folks,
>
>Got a good old ransom note against a customer, and some UDP packets love
>on mostly 80 & 443
>
>Ransom notes came via AS5486 - if you're listening would appreciate if you
>can validate the next received lines, src on email claims to have come from
>178.209.50.214 AS29691. The miscreants say they are called hackanonymous
>
>Any help tracking down the C&C + who may have sent the ransom notes would
>be appreciated.
>
>dos src's below...
>
>Cheers,
>
>Steve @ AS5413
>
>--
>
>Steve Colam
>Head of Network Operations
>Daisy Communications                        Mobile: +44 797 153 4844
>steve.colam at daisygroupplc.com               Direct: +44 208 587 6271
>PGP Key ID: 0x1C19D542                 http://www.daisygroupplc.com/
>--
>
>
>...
>852     | 207.216.74.135   | 2012-04-12 19:46:31 GMT1 | ASN852 - Telus Advanced Communications
>...




