[Snort-sigs] [Emerging-Sigs] Attack from .jp IPs

Josh Little josh at ...3536...
Tue Dec 7 10:41:41 EST 2010


Yes, we here at the University of Southern Sounds - Arizona campus, an
online music school, have been under constant attacks since this morning.
The hardest hit has been our online student magazine, which has been
replaced with the cryptic message "y at ...3537...@m0t0 0wNZ$". Any ideas why this is
happening?

ZT

On Tue, Dec 7, 2010 at 10:18 AM, L0rd Ch0de1m0rt
<l0rdch0de1m0rt at ...2420...>wrote:

> Hello, almost exactly at 7:41 AM this morning multiple servers in my
> enterprise are under attack by DDoS with TCP Zeroes-window size
> destined to port 1941 and 1207, the hosts appear to resolve PTR as
> hideki.tojo.jp, isoroku.yamamoto.jp, tomoyuki.yamashita.jp, and more.
> Is anyone else seeing this?
>
> Thanks.
>
> -L0rd C.
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at ...3335...
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through
> Current!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20101207/86532cb6/attachment.html>


More information about the Snort-sigs mailing list