[nsp-sec] DDOS Fun

[Phil Rosenthal]

Seems pretty obvious they aren't upset with providers, but rather with Financial institutions.

Looked to me last night that Bank Of America's site was live without any problems, so they probably moved on to other targets to try and find if their current attack worked on anyone.  If not, they will probably work on improving it.

There's probably a very limited group of companies that host DNS for "Too Big To Fail" banks, so likely Akamai and Neustar will see the bulk of these attacks.

-Phil
On Sep 19, 2012, at 11:54 AM, "Gilmore, Patrick" <patrick at akamai.com> wrote:

> ----------- nsp-security Confidential --------
> 
> On Sep 19, 2012, at 11:25 , "King, Link" <link.king at neustar.biz> wrote:
> 
>> We have one of the current targets of the ongoing financial services
>> targets.  Target IP's:
>> 
>> 156.154.64.70
>> 156.154.65.70
>> 156.154.66.70
>> 156.154.67.70
>> 156.154.68.70
>> 156.154.69.70
>> 
>> 
>> Attached are the current heavy hitters.  The signature is TCP SYN (port
>> 53) and UPD/53 with AAAAAA's stuffed in the packet (large UDP packets).
>> These are authoritative nameservers so don't kill all TCP/UDP 53 traffic
>> but if possible please deal with the sources.
>> 
>> I'll update as sources/attack changes.  Thanks!
> 
> Probably same people who hit us yesterday.  And others as well.
> 
> Wonder what they are doing here?  Testing for future?  Just randomly hitting everyone they can think of?  Are they honestly pissed at that many different providers? or is there something we all share that the miscreant hates?
> 
> -- 
> TTFN,
> patrick
> 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________