[nsp-sec] Looking for intel on possible HTTP DDoS on ticketek.com.au
Scott A. McIntyre
scott at howyagoin.net
Wed Apr 25 19:57:56 EDT 2012
Hi teams,
I'm still gathering technical facts, but, I was wondering if anyone had any intel on (likely) HTTP driven attack behaviour targeting either www.ticketek.com.au or premier.ticketek.com.au - those resolve to 202.58.55.173 and 202.58.55.175 respectively.
Over the last few days their servers have been flooded by requests by what MAY be bottish sources; from unexpected and unusual sources (the United States & Europe, for a website selling concert tickets in Australia).
24 April 2012 (Aussie time, so, typically +1100 at the moment) had a number of these unusual spikes.
Sorry for the lack of detail, we're still gathering information from the target (yesterday was a national holiday here...).
Thanks in advance for any insight!
Scott A. McIntyre
Telstra Australia
More information about the nsp-security
mailing list