[nsp-sec] DDOS Fun

Smith, Donald Donald.Smith at CenturyLink.com
Wed Sep 19 17:12:21 EDT 2012


I am getting this from a third party that is watching the c and c for the BoA now Chase attack.



>
> 159.53.60.54[#]80[#]2[#]7000 ==ZGH5YwHmYwLjYwH0JlAqBQOoV10lJlAqAmNjZN -
> Wed Sep 19 15:27:16 CDT 2012
> 159.53.60.54[#]80[#]2[#]7000 ==ZGH5YwHmYwLjYwH0JlAqBQOoV10lJlAqAmNjZN -
> Wed Sep 19 15:34:58 CDT 2012









(coffee != sleep) & (!coffee == sleep)
 Donald.Smith at centurylink.com
________________________________
From: nsp-security-bounces at puck.nether.net [nsp-security-bounces at puck.nether.net] on behalf of Leif Nixon [nixon at nsc.liu.se]
Sent: Wednesday, September 19, 2012 1:39 PM
To: nsp-security at puck.nether.net
Subject: Re: [nsp-sec] DDOS Fun

----------- nsp-security Confidential --------

Leif Nixon <nixon at nsc.liu.se> writes:

> "King, Link" <Link.King at neustar.biz> writes:
>
>> Attached are the current heavy hitters.  The signature is TCP SYN (port
>> 53) and UDP/53 with AAAAAA's stuffed in the packet (large UDP packets).
>> These are authoritative nameservers so don't kill all TCP/UDP 53 traffic
>> but if possible please deal with the sources.
>
> Working on this one.
>
> 41943   | 217.25.40.6      | 217.25.32.0/20      | SE | ripencc  | 2006-02-10 | VMI-KISTA Vaddo Media Information IS AB

OK, it should shortly be off the net.

--
Leif Nixon - Security officer
National Supercomputer Centre - Swedish National Infrastructure for Computing
Nordic Data Grid Facility - European Grid Infrastructure


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
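
Added example, not part of the thread or written by its participants: a selective classifier for the UDP/53 signature quoted above (large packets stuffed with 'A' bytes) that leaves ordinary queries alone, since the targets are authoritative nameservers. The function names, thresholds and sample payloads are assumptions constructed for illustration.

```python
import struct

# Assumed thresholds (not from the thread); tune against your own traffic.
MIN_SUSPECT_LEN = 512   # ordinary DNS-over-UDP queries are far smaller
MIN_FILL_RATIO = 0.90   # share of payload bytes equal to the filler byte
MIN_RUN = 256           # shortest consecutive filler run treated as stuffing
FILLER = 0x41           # ASCII 'A', per the signature described in the thread


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal well-formed DNS query (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def longest_run(payload: bytes, byte: int) -> int:
    """Length of the longest consecutive run of `byte` in payload."""
    best = cur = 0
    for b in payload:
        cur = cur + 1 if b == byte else 0
        best = max(best, cur)
    return best


def classify_udp53(payload: bytes) -> str:
    """Return 'stuffed' for large 'A'-filled payloads, otherwise 'pass'."""
    if len(payload) < MIN_SUSPECT_LEN:
        return "pass"
    ratio = payload.count(FILLER) / len(payload)
    if ratio >= MIN_FILL_RATIO and longest_run(payload, FILLER) >= MIN_RUN:
        return "stuffed"
    return "pass"


# Constructed samples, not captured traffic.
SAMPLES = {
    "normal_query": build_query("www.example.com"),
    "stuffed_1400": b"A" * 1400,
    "stuffed_with_header": build_query("example.com") + b"A" * 1200,
    "large_random": bytes(range(256)) * 4,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:22s} len={len(data):5d} -> {classify_udp53(data)}")
```

The same two conditions (payload length and filler ratio) translate to a size-plus-content match on a filtering device, which is what keeps legitimate port 53 traffic to the nameservers flowing.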


