Title: Re: Destructive botnet originating from Japan
Prolexic qualifies. They do what MCI, ATT, Arbor, and others do regarding ddos mitigation and, IMHO, should be a shoe in. I was... subscribed and we are less valuable to the overall good so you decide (we do have presence ther though
Title: Re: Destructive botnet originating from Japan
(jon I know you didn't say, but the original must have got nailed in my spam filters)
The best thing about this statement is that since I don't report to nanog nsp-sec, or Tyler Durden, the first rule of fight club can ki
On Sun, 25 Dec 2005, Rubens Kuhl Jr. wrote:
The first rule of nsp-sec is, you do not talk about nsp-sec
The second rule of nsp-sec is, you DO NOT talk about nsp-sec
https://puck.nether.net/mailman/listinfo/nsp-security
There's nothing secret about the existence or purpose of the list.
I don
Richard A Steenbergen [mailto:[EMAIL PROTECTED]
> Sent: Sun Dec 25 04:25:15 2005
> To: Gadi Evron
> Cc: Rob Thomas; NANOG
> Subject: Re: Destructive botnet originating from Japan
>
>
> On Sun, Dec 25, 2005 at 02:06:38AM -0600, Gadi Evron wrote:
>
What's nsp-sec?
A bot chasers' list.
.. Original Message ...
On Sun, 25 Dec 2005 15:03:18 -0500 "Hannigan, Martin"
<[EMAIL PROTECTED]> wrote:
>What's nsp-sec?
>
randy
___
sent from a handheld, so even more terse than usual :-)
Title: Re: Destructive botnet originating from Japan
What's nsp-sec?
-Original Message-
From: Richard A Steenbergen [mailto:[EMAIL PROTECTED]]
Sent: Sun Dec 25 04:25:15 2005
To: Gadi Evron
Cc: Rob Thomas; NANOG
Subject: Re: Destructive botnet originating
The guy rebuilt his botnet last night, you may want to watch flows to
AS32787 to find the bots on your network.
-Barrett
On Sun, 25 Dec 2005, Richard A Steenbergen wrote:
> On Sun, Dec 25, 2005 at 02:06:38AM -0600, Gadi Evron wrote:
> >
> > It is difficult to hear something important that one invested much in is
> > doing harm, but that is the only conclusion I and others can come up with
> > after years of study,
On Sun, Dec 25, 2005 at 02:06:38AM -0600, Gadi Evron wrote:
>
> It is difficult to hear something important that one invested much in is
> doing harm, but that is the only conclusion I and others can come up with
> after years of study, and NSP-SEC, as amazing as it has been, has been of
> a nega
> What I find shocking is that machines that should be more secured or
> at least monitored better appear to run for long periods going
> unnoticed. It seems that some system administrators are just not
> paying attention to large outbound bursts from their networks.
Sadly:
s/paying atten
Rob,
You made a good point on the duration of the attacks, I neglected to
notice the attack command was set to 9. One of our engineers
logged the bot master issuing the attack command:
[EMAIL PROTECTED] PRIVMSG $127.0.0.1 :.dos 9 s|
xxx.xxx.xxx.xxx|80
9 is the number of
Prolexic is currently mitigating a 6+ Gbps (12+ Million PPS) DDoS attack that is orginitating from an IRC based botnet server in Japan. The bot software itself runs on GLIBC_2.1.3, GLIBC_2.1, and GLIBC_2.0 compatible x86 Linux boxen. The bot software is about 28.3 KB, it has a lot of capabilities
12 matches
Mail list logo
