[Snort-sigs] [Emerging-Sigs] Attack from .jp IPs

evilghost at ...3397... evilghost at ...3397...
Tue Dec 7 10:43:52 EST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For what it's worth, I've not see anything pop up on the radar, I suspect this
may just be a hoax.

- -evilghost

On 12/07/10 09:41, Josh Little wrote:
> Yes, we here at the University of Southern Sounds - Arizona campus, an
> online music school, have been under constant attacks since this
> morning. The hardest hit has been our online student magazine, which has
> been replaced with the cryptic message "y at ...3537...@m0t0 0wNZ$". Any ideas why
> this is happening?
> 
> ZT
> 
> On Tue, Dec 7, 2010 at 10:18 AM, L0rd Ch0de1m0rt
> <l0rdch0de1m0rt at ...2420... <mailto:l0rdch0de1m0rt at ...2420...>> wrote:
> 
>     Hello, almost exactly at 7:41 AM this morning multiple servers in my
>     enterprise are under attack by DDoS with TCP Zeroes-window size
>     destined to port 1941 and 1207, the hosts appear to resolve PTR as
>     hideki.tojo.jp <http://hideki.tojo.jp>, isoroku.yamamoto.jp
>     <http://isoroku.yamamoto.jp>, tomoyuki.yamashita.jp
>     <http://tomoyuki.yamashita.jp>, and more.
>     Is anyone else seeing this?
> 
>     Thanks.
> 
>     -L0rd C.
>     _______________________________________________
>     Emerging-sigs mailing list
>     Emerging-sigs at ...3335...
>     <mailto:Emerging-sigs at ...3335...>
>     http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
>     Support Emerging Threats! Subscribe to Emerging Threats Pro
>     http://www.emergingthreatspro.com
>     The ONLY place to get complete premium rulesets for Snort 2.4.0
>     through Current!
> 
> 
> 
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at ...3335...
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJM/lY4AAoJENgimYXu6xOHUo4P/RK6H9cS3nq/cnW3q0yTZoWD
4QjeiyaVwV0t1cPn5UHOC/ByTnyHy21IaY1iR/vXScgC3q3TB1q2RXSqpbpCpPnc
y4Z5CSc7wiAurIAyX0xkp3tBjVaktiwTfEptR5tG99Gk5eskTVX586IXRH2/rTWc
p3y/rf48y1LXIYunwe+KHTe5scUV7I9hxLEiZFysAFspALEkqDk5NHuko8VxDo6G
DOhPo1jOOOQGFoyhVhwz5XIEn9R0jUkRk7sU5d2CTZMFscz5sm2k8xrKsjjjg59v
Es2W0AiHshkhT2ROKuk8GqbOTeCKa1C5JlSBFQC8l1tkwWhv/GBzQNsuhXWIswlP
vmS71exUlwNqfbSt5Z2e/5j04UykRqKwVjuNTupYniHCekaMTJ5GzLyj/toaZZKC
L8wygmbKoY5iZdV6ilQBBdDA9dQssMw2WybNOqbj1mRIJD6dOV2F182jCZzL7d2O
P5Bgoa7VqGXk1RglubgBlEPsUxenrrwIxgv2X0MnrRVBWL70TUTKu17yAeRD+JIn
hyjdsDk8Vqy9GaoWxWsfp0Odiro4zYoLjc3qkBBrq0yYjk3m5NitqHOaE0dHdeMq
E+qpBPrFMmY5SBJDCDsZI4ukjCMJx9SHAYf+QveKt4VPbM2Yk9vKmOMkRO9/KIQg
Oc/VS5/njTg8XiOPsfBD
=U3oI
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list