[nsp-sec] DDoS help for Freenode
Borja Marcos
BORJAMAR at SARENET.ES
Tue Feb 4 03:09:41 EST 2014
On 03/02/2014, at 23:15, Dave Monnier <dmonnier at cymru.com> wrote:
> ----------- nsp-security Confidential --------
>
> Team,
>
> The folks at Freenode have requested help in stopping a ~10Gb UDP-based
> attack affecting them. They ask that people willing to help look for
> UDP attack traffic going to the servers in this list to ID compromised
> web servers.
One hit here (AS3262), although fortunately it's little traffic; it's a server behind an ADSL. According to Netflow it has indeed contacted that "tcp.mn", which, by the way, on dnsdb appears with an interesting fakish domain name, markmnitor.com.
Filtered, customer warned, and "markmnitoresque" address blackholed for now.
Cheers!