[nsp-sec] DNS and SNMP Reflection Attack Hosts
Krista Hickey
Krista.Hickey at cogeco.com
Mon Jun 24 09:12:05 EDT 2013
Hi Peter
I'll send you an offlist email with the /32 but if anyone else needs it just let me know. I'm slowly sensitizing my management to be comfortable with releasing information so at the moment they want me to widely distribute (within trust communities) a /24 within the report but then provide the /32 only on demand to individuals....baby steps :)
So if anyone needs it I'm defiantly willing to share, just have to play the game right now.
Krista
-----Original Message-----
From: SURFcert - Peter [mailto:p.g.m.peters at utwente.nl]
Sent: Monday, June 24, 2013 4:26 AM
To: Krista Hickey
Cc: nsp-security at puck.nether.net
Subject: Re: [nsp-sec] DNS and SNMP Reflection Attack Hosts
* PGP Signed by an unknown key
Krista
Krista Hickey wrote on 24-06-2013 07:25:
> ----------- nsp-security Confidential --------
>
> File 622894 contains ~45K DNS resolvers observed attacking a host June
> 19, =
> 2013 (peak approx 1.5Gbps)
>
> File 3952583 contains ~28K SNMP resolvers observed attacking a
> different ho= st June 21, 2013 (peak approx 1Gbps)
Can you disclose the attacked hosts in question? A number of the IP addresses are NAT of dynamic.
--
Peter Peters /------\ SURFnet bv
SURFcert | SURF | cert.surfnet.nl
cert at surfnet.nl \-----\ \-----\ Postbus 19035
PGP Key ID 0x5A52C966 | CERT | NL-3501 DA Utrecht
+31 30 2305 305 \------/ fax: +31 30 2305 329
* Unknown Key
* 0x5CB1DD85
More information about the nsp-security
mailing list