[nsp-sec] AT&T blackholing IPs
Nick Ianelli
ni at allyourinfoarebelongto.us
Tue Oct 9 17:12:29 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Many of the IPs in these lists can also be seen in the emails I've
been sending out recently. The information can be cross-correlated to
identify the infected web servers (specific sites).
Nick
On 10/09/2012 08:15 PM, FORSTER, ROB wrote:
> ----------- nsp-security Confidential --------
>
>
>
> AT&T (AS7108) is blackholing around 800 IP addresses as sources of
> attacks against our customers. Most, if not all, of these are web
> servers. The two attached Excel files are sorted by ASN. Please let
> me know when the systems have been remediated. We can then arrange
> to remove the IP from the blocks. Please email me if you have any
> questions or the IP has been fixed.
>
>
>
> Thanks.
>
> Rob Forster AT&T rf1542 at att.com
>
>
>
>
>
>
> _______________________________________________ nsp-security
> mailing list nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAlB0kz0ACgkQi10dJIBjZIA5mQCgpXgnVDcvYCMKF+NW7ICD60us
O/cAnRlj2Ko1ozITU88thyAwBTW3zP2/
=VQZm
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list