[nsp-sec] bitcoinbountyhunter extortion DDoS attack -> cars.com (74.199.98.141) AS3356, AS6461
Wentworth, Brett
Brett.Wentworth at Level3.com
Tue Apr 21 18:40:31 EDT 2015
Lawrence,
Do you know if there is a ticket number with Level3? I don't see
anything on our radar, but the ticket could be hung up in some other org
if the case did not get routed properly.
Thanks,
Brett
-----Original Message-----
From: Lawrence Baldwin <baldwinl at mynetwatchman.com>
Date: Tuesday, April 21, 2015 at 3:44 PM
To: "nsp-security at puck.nether.net" <nsp-security at puck.nether.net>
Subject: [nsp-sec] bitcoinbountyhunter extortion DDoS attack -> cars.com
(74.199.98.141) AS3356, AS6461
>----------- nsp-security Confidential --------
>
>This attack is ongoing as of 3:35 Central and is ongoing at the
>moment..related to BCBH extortion activity.
>
>Victim is already in contact with Nocs from Level 3 and Abovenet, but
>if anyone here can help ensure that DDoS mitigation teams are engaged
>I'd appreciate it. I can be reached via mobile: 404-933-9511
>
>Attack is UDP..I don't have payload, but from what I understand it's
>NTP/DNS amplification activity.
>
>Also, anyone working cases involving this crew I'm looking to do an LE
>referral on it.
>
>--
>Lawrence Baldwin
>Chief Forensics Officer
>myNetWatchman.com
>Atlanta, GA
>+1.678.624.0924
>
>
>_______________________________________________
>nsp-security mailing list
>nsp-security at puck.nether.net
>https://puck.nether.net/mailman/listinfo/nsp-security
>
>Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>community. Confidentiality is essential for effective Internet security
>counter-measures.
>_______________________________________________