We are aware of an ongoing DDoS against several high-profile web sites. Public details are in these online stories:
http://blogs.csoonline.com/online_attack_hits_us_government_web_sites
http://hosted.ap.org/dynamic/stories/U/US_CYBER_ATTACK
There have also been sketchy reports that South Korean websites are experiencing outages. We are looking for any additional information, especially technical reports or packet captures. Please use our contact page.
Marcus H. Sachs |
Marcus 301 Posts ISC Handler Jul 8th 2009 |
Jul 8th 2009 1 decade ago |
Seems like S. Korea has been hit for sure:
http://news.bbc.co.uk/2/hi/technology/8139821.stm http://english.yonhapnews.co.kr/national/2009/07/08/79/0301000000AEN20090708008300315F.HTML |
Anonymous |
Jul 8th 2009 1 decade ago |
Why the "RFI" label in the title of this diary entry? I have not seen any news story confirmation that RFI has played a role in these attacks. Botnet herding by use of RFI attacks against vulnerable PHP websites is certainly a widely used attack vector to draft web servers into a botnet but I have not seen any confirmed reports that these DDoS attacks are leveraging compromised websites. Has anyone seen news to the contrary?
|
Anonymous |
Jul 8th 2009 1 decade ago |
RFI = Request for Information
|
Marcus 301 Posts ISC Handler |
Jul 8th 2009 1 decade ago |
Ah... acronym conflicts strike again as the RFI I run into day-to-day is Remote File Inclusion attacks.
|
Marcus 7 Posts |
Jul 8th 2009 1 decade ago |
http://www.computerworld.com/s/article/9135279/Updated_MyDoom_responsible_for_DDOS_attacks_says_AhnLab
|
Karl 14 Posts |
Jul 8th 2009 1 decade ago |
Can we get a list of IPs under attack so we can check our flow data for customers hammering those sites? We SPs can be part of the solution if we can get the necessary info.
|
Anonymous |
Jul 8th 2009 1 decade ago |
Yes please, prominent IPs under attack and common ports or attack vectors if possible?
|
hacks4pancakes 48 Posts |
Jul 8th 2009 1 decade ago |
re update 4 - the US govt sites all seem OK. Others, such as www.president.go.kr are still inaccessible.
|
Anonymous |
Jul 9th 2009 1 decade ago |
I just received a "Nice" email from a company trying to exploit these attacks to increase their business ...
*************** Pasted content of the email *************
Mike,
I have some important news that I wanted to share with you regarding a recent information security threat that SecureWorks has been tracking. SecureWorks Counter Threat Unit (CTU) and Joe Stewart have been analyzing the code behind the botnet launching the denial-of-service attacks against US government sites, US commercial sites and South Korean sites. Stewart was quoted in nearly 4,000 press articles for the work. The July 4th weekend DDOS exposed a range of vulnerabilities in the attacked sites. While several ill-prepared organizations had their sites shut down, the protected ones were met with minimal disruption.
If you are interested in learning more, you can read further information about the DDOS attacks here:
New York Times: http://www.nytimes.rsvp1.com/s15040nmiit
Business Week: http://www.businessweek.rsvp1.com/s191c1nmiiv
Washington Post: http://www.washingtonpost.rsvp1.com/s15540nmiix
CIO: http://www.cio.rsvp1.com/s19581nmiiy
Along with the DDOS attacks, SecureWorks also made news this week with our acquisition of VeriSign’s MSS business: http://www.secureworks.rsvp1.com/s194c1nmiiz ). SecureWorks now has over 2,600 clients worldwide and is the largest pure-play provider of Managed Security and Security-as-a-Service offerings.
If you would be interested in speaking with me or my associate, Don Addington, further about any of the above information, please do not hesitate to give me a call or respond with an email.
Have a great weekend!
******************* End of Paste ***************
Does this bother anyone else?? |
Michael 1 Posts |
Jul 10th 2009 1 decade ago |