[nsp-sec] DDoS against Azerbaijan gov-CERT, April 24: Softlayer, HopOne
Nicholas Ianelli
ni at allyourinfoarebelongto.us
Mon Apr 23 18:05:04 EDT 2012
On 04/23/2012 02:59 PM, Nicholas Ianelli wrote:
> ----------- nsp-security Confidential --------
>
>
>> [v4.whois.cymru.com]
>> AS | IP | AS Name
>> 36351 | 184.172.176.54 | SOFTLAYER - SoftLayer Technologies Inc.
>> 14361 | 66.148.120.124 | HOPONE-GLOBAL - HopOne Internet Corporation
>> 21844 | 174.121.134.34 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
>
> Initial indicators point to the three IP addresses listed above as being
> spoofed.
>
> Alerting is being put in place at HopOne so if large amounts of traffic
> are sourced from their network tomorrow, we'll know about it.

Ok, I retract the spoofing statement I made above. Arnold provided me
with some additional information Tural just sent to the list. For those
following, the victim identified 42,680 unique IP addresses involved in
the attack (from HTTP Header). According to them, only 1 request/IP was
sent during the attack window as a test.

We were seeing traffic, just not large amounts, so the above could
indeed be acting as proxies.

I've informed both parties of the updated information.

Cheers,
Nick