[nsp-sec] DDOS Fun
Gilmore, Patrick
patrick at akamai.com
Wed Sep 19 11:54:09 EDT 2012
On Sep 19, 2012, at 11:25 , "King, Link" <link.king at neustar.biz> wrote:
> We have one of the current targets of the ongoing financial services
> targets. Target IP's:
>
> 156.154.64.70
> 156.154.65.70
> 156.154.66.70
> 156.154.67.70
> 156.154.68.70
> 156.154.69.70
>
>
> Attached are the current heavy hitters. The signature is TCP SYN (port
> 53) and UPD/53 with AAAAAA's stuffed in the packet (large UDP packets).
> These are authoritative nameservers so don't kill all TCP/UDP 53 traffic
> but if possible please deal with the sources.
>
> I'll update as sources/attack changes. Thanks!
Probably same people who hit us yesterday. And others as well.
Wonder what they are doing here? Testing for future? Just randomly hitting everyone they can think of? Are they honestly pissed at that many different providers? or is there something we all share that the miscreant hates?
--
TTFN,
patrick
More information about the nsp-security
mailing list