[nsp-sec] YARL (Yet Another Resolver List)
Krista Hickey
Krista.Hickey at cogeco.com
Wed May 29 12:51:24 EDT 2013
Apologies if this is a duplicate for you and note that Google folks can disregard the Google IPs in the list as they are false positive but I don't want to modify the attachments and cause any confusion in case others on your team are already actioning.
I've attached 2 resolver lists that I observed participating in attacks (both appear gaming related) on two unique IPs in our network. Attachment 615598 is just a couple hundred mostly European and Russian open
resolver hosts, attachment 618320 is more global list of ~14K unique hosts. I've appended a note at the top of each file with the timestamp and /16 of the target, I can be more specific if you're planning on tracing (please do).
As before, share as required for mitigation but no attribution please (and strip target /16 unless absolutely necessary).
Thanks
Krista
PS - As before, also seeing some 'WARNING: recursion requested but not available' which doesn't matter much to the victim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 615598
Type: application/octet-stream
Size: 25681 bytes
Desc: 615598
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20130529/d0a7463c/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 618320
Type: application/octet-stream
Size: 1693873 bytes
Desc: 618320
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20130529/d0a7463c/attachment-0003.obj>
More information about the nsp-security
mailing list