[Snort-sigs] [Emerging-Sigs] Attack from .jp IPs

Joel Esler jesler at ...435...
Tue Dec 7 10:44:54 EST 2010


We haven't had anything reported into the Internet Storm Center yet this
morning.

J

On Tue, Dec 7, 2010 at 10:41 AM, Josh Little <josh at ...3536...> wrote:

> Yes, we here at the University of Southern Sounds - Arizona campus, an
> online music school, have been under constant attacks since this morning.
> The hardest hit has been our online student magazine, which has been
> replaced with the cryptic message "y at ...3537...@m0t0 0wNZ$". Any ideas why this is
> happening?
>
> ZT
>
> On Tue, Dec 7, 2010 at 10:18 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt at ...2420...
> > wrote:
>
>> Hello, almost exactly at 7:41 AM this morning multiple servers in my
>> enterprise are under attack by DDoS with TCP Zeroes-window size
>> destined to port 1941 and 1207, the hosts appear to resolve PTR as
>> hideki.tojo.jp, isoroku.yamamoto.jp, tomoyuki.yamashita.jp, and more.
>> Is anyone else seeing this?
>>
>> Thanks.
>>
>> -L0rd C.
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at ...3335...
>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>
>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>> http://www.emergingthreatspro.com
>> The ONLY place to get complete premium rulesets for Snort 2.4.0 through
>> Current!
>>
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at ...3335...
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through
> Current!
>



-- 
Joel Esler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20101207/a82cb3c5/attachment.html>


More information about the Snort-sigs mailing list