[nsp-sec] 6700 Chargen Reflectors
Beth Young
youngba at ren-isac.net
Wed Jun 26 13:44:02 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Krista,
Ack for .edu. Notifying these organizations:
alfred.edu
asu.edu
cwru.edu
ena.com
fiu.edu
gmu.edu
maine.edu
osogrande.com
rit.edu
scu.edu
sunysb.edu
tbr.edu
unh.edu
uoguelph.ca
usf.edu
virginia.edu
mcgill.ca
vt.edu
yale.edu
gettysburg.edu
neu.edu
lincoln.edu
harvard.edu
mit.edu
isc.upenn.edu
wcc.edu
Thanks!
Beth
On 6/26/2013 8:25 AM, Krista Hickey wrote:
> ----------- nsp-security Confidential --------
>
>
>
>
> Blast from the past...well not really as this is fairly prevalent
> but this 5Gbps gaming related attack early this morning caught my
> attention and then noticed it's using good ole Chargen reflectors.
> Fairly certain few of you have legitimate reason to have hosts
> responding to chargen on your network so attached is some fodder
> for internal discussion. They also have statically set the
> destination port so you should also be able to look for flows/logs
> to my target on destination port 2070/udp
>
> As before, share as required for mitigation, no attribution, strip
> the target unless necessary and if you need the /32 just contact me
> offlist.
>
> Krista 7992
>
>
>
>
>
> _______________________________________________ nsp-security
> mailing list nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
- --
Beth Young, CISSP
soc at ren-isac.net
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEVAwUBUcsoYnOn520JM2MZAQLKYAgAhTyw+x32QkAg2G11cJGsHjpF4fdlXTph
RjC/1OPXGLYA++yxHrliYKzlpt8eD6e1krGZabM+VOHkRcEq07M4O+nHaEppKN02
DL2JoafcbOLEELfLV5XnjXUBKELbb7WIn7Y3qdfXBrB5uN+mQ7Yh4wuXgnWzPQHx
NJnHtpfSkdLEI1rtDsr5qgy17ocHY6447uu1X4ReDfXD5pEhxs/nc5l/rRUYjePf
swSA8KiFnH+xbM51MmSklEhasOy69N3IUHA+3Ho4rztMMQs0VVQnNGHrTHLQFacj
CfToOY1Ln3iaoLq+kfDsBWmeeyYtAvm+w/kRQRwadoQZEcehrSupyg==
=Crns
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list