[Snort-sigs] [Emerging-Sigs] Attack from .jp IPs

Mike Cox mike.cox52 at ...2420...
Tue Dec 7 10:39:56 EST 2010


I am also seeing increased traffic from APNIC.  My data carriers are
getting torpedoed and sunk pretty bad.  Can't resolve anything here
right now....

-Mike Cox

On Tue, Dec 7, 2010 at 9:36 AM, evilghost at ...3397...
<evilghost at ...3397...> wrote:
> A few of them were resolving for me here locally but as localhost?  I suspect
> some of these FQDNs may be sinkholed?  I was pointed to roothints.
>
> They no longer appear resolvable?
>
> - -evilghost
>
> On 12/07/10 09:28, Matt Olney wrote:
>> Do you have the original IPs?  Can't resolve any of those.
>>
>> Matt
>>
>> On Tue, Dec 7, 2010 at 10:18 AM, L0rd Ch0de1m0rt
>> <l0rdch0de1m0rt at ...2420...> wrote:
>>
>>     Hello, almost exactly at 7:41 AM this morning multiple servers in my
>>     enterprise are under attack by DDoS with TCP Zeroes-window size
>>     destined to port 1941 and 1207, the hosts appear to resolve PTR as
>>     hideki.tojo.jp, isoroku.yamamoto.jp, tomoyuki.yamashita.jp,
>>     and more.
>>     Is anyone else seeing this?
>>
>>     Thanks.
>>
>>     -L0rd C.
>>
>>     _______________________________________________
>>     Snort-sigs mailing list
>>     Snort-sigs at lists.sourceforge.net
>>     https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>
>>
>>
>>
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at ...3335...
>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs