[nsp-sec] 6700 Chargen Reflectors
Torsten Voss
voss at dfn-cert.de
Fri Jun 28 07:58:49 EDT 2013
Thanks and ACK 553, 680, 8365
Cheers,
Torsten
On 26.06.2013 15:25, Krista Hickey wrote:
> ----------- nsp-security Confidential --------
>
> Blast from the past...well not really as this is fairly prevalent but this
> 5Gbps gaming related attack early this morning caught my attention and then
> noticed it's using good ole Chargen reflectors. Fairly certain few of you
> have legitimate reason to have hosts responding to chargen on your network
> so attached is some fodder for internal discussion. They also have
> statically set the destination port so you should also be able to look for
> flows/logs to my target on destination port 2070/udp
>
> As before, share as required for mitigation, no attribution, strip the
> target unless necessary and if you need the /32 just contact me offlist.
>
> Krista 7992
>
- --
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
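
Added example, not part of the original thread: one way to run the check described in the quoted message, looking in exported flow records for hosts in your own prefixes that answer from chargen (19/udp) to destination port 2070/udp. The CSV column names, the prefix and the sample flows are assumptions constructed for illustration; passing dst_port=None generalizes the check to any host of yours answering from 19/udp.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

CHARGEN_PORT = 19        # chargen service port
ATTACK_DST_PORT = 2070   # static destination port named in the quoted message

# Constructed flow export using documentation address ranges; not real data.
# Column names are an assumption, adapt them to your collector's export format.
SAMPLE_FLOWS = """\
src_ip,src_port,dst_ip,dst_port,proto,bytes
192.0.2.10,19,203.0.113.5,2070,udp,512000
192.0.2.10,19,203.0.113.5,2070,udp,498000
192.0.2.44,19,203.0.113.5,2070,udp,130000
192.0.2.77,53,203.0.113.5,2070,udp,900
192.0.2.80,19,203.0.113.5,2070,tcp,4000
198.51.100.9,19,203.0.113.5,2070,udp,250000
192.0.2.91,19,203.0.113.9,40112,udp,74
"""


def find_reflectors(flow_csv, own_prefixes, dst_port=ATTACK_DST_PORT):
    """Return {source_ip: total_bytes} for own hosts sending from 19/udp.

    dst_port narrows the match to the attack's static destination port;
    pass None to list every own host that answers from chargen at all.
    """
    nets = [ip_network(p) for p in own_prefixes]
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp":
            continue  # only the UDP chargen service is of interest here
        if int(row["src_port"]) != CHARGEN_PORT:
            continue  # not a chargen response
        if dst_port is not None and int(row["dst_port"]) != dst_port:
            continue  # chargen response, but not towards the attack port
        src = ip_address(row["src_ip"])
        if any(src in net for net in nets):  # ignore sources outside our network
            totals[str(src)] += int(row["bytes"])
    return dict(totals)


if __name__ == "__main__":
    hits = find_reflectors(SAMPLE_FLOWS, ["192.0.2.0/24"])
    for host, size in sorted(hits.items(), key=lambda kv: -kv[1]):
        print(f"{host} sent {size} bytes from 19/udp to port {ATTACK_DST_PORT}/udp")
```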