loading

178845 author: tdp_org@mastodon.social 12 Feb 12:29
tags: #bbc #ddos #infossec #webstats

I've been working on an automated triager for the frequent volumetric DDOS we see against www.bbc.com & www.bbc.co.uk.

The idea is to use our edge access logs (stored in BigQuery) to isolate & describe the attack traffic then recommend any additional mitigations/filters etc. It also gives us a database of DDOS metrics/sources we can reference.

Obviously I had to add the obligatory pew-pew map.

Dark mode map of the earth with an overlay of circles denoting the source countries for a recent DDOS. The circles are varying sizes, larger indicate more traffic from that country.
USA, India, Indosia, Vietnam & Germany have the largest circles & thus the larger sources of attack traffic though there are around 50 source countries in all.

137303 author: resingm@infosec.exchange 24 Dec 2024 23:52
tags: #DDOSIA #ddos #israel #noname #noname057 #russia

Looks like #NoName057 went after Israeli websites. Was it the first time? Any clues what could have provoked it?

131666 author: jmeyer@infosec.exchange 17 Dec 2024 07:55
https://social.circl.lu/@NoName57Bot/113666772362281488
tags: #ddos #threatintel

Germany is NoName’s focus again today, with a mix of government websites and industrial/energy company sites being targeted.

About two thirds of the websites are affected so far. (And the two sites from the federal government are still standing, thanks to an anti-bot challenge/rate limiting.)

New configuration detected for DDosia. Hosts:
* group.vattenfall.com
* www.tunap.com
* www.pfleiderer.com
* www.schwarzbeck.de
* www.vng.de
* shop.semikron-danfoss.com
* carl-walther.de
* www.mc-bauchemie.de
* eshop.tunap.de
* cvd.bundesregierung.de
* www.semikron-danfoss.com
* www.sefe-energy.eu
* www.bundesregierung.de
* www.vattenfall.de
* still.de
* www.meyle.com #ThreatIntel #Ddosia #NoName
* https://witha.name/data/2024-12-17_07-35-02_DDoSia-target-list-full.json
*

130853 author: jmeyer@infosec.exchange 16 Dec 2024 08:14
tags: #ddos #threatintel

Shockingly high effectiveness today — most sites are down.

Table of HTTP requests showing hosts, IPs, methods (GET/POST), ports (443), SSL use, and paths. Includes domains like grob-aircraft.com, baywa.com, and auticon.com, with detailed endpoints and request types.

Website monitoring dashboard showing response times and statuses. Several sites, like cobus-industries.com and leoni.com, show failures (❌) with high latency (~10,000ms), while others, like gestra.com and man-es.com, are responsive (✔) with lower latency (~2,900ms and ~465ms).

130852 author: jmeyer@infosec.exchange 16 Dec 2024 07:33
tags: #ddos #threatintel

Not much media but German industrial sector targeted today by NoName (and extra malus points for targeting Auticon, an IT firm that hires folks on the autism spectrum).

List of targets with IP addresses and FQDNs:

5.175.14.244 alurheinfelden.com
5.175.14.244 rheinfelden-semis.eu
5.175.14.244 rheinfelden-carbon.eu
35.207.144.1 www.leoninedistribution.com
45.87.137.69 www.elbeflugzeugwerke.com
51.104.28.74 www.gestra.com
62.54.109.69 mdm01.grob-aircraft.com
78.47.219.85 www.avancis.de
82.135.119.141 www.baywa.com
85.13.162.233 bonventure.de
88.198.198.106 www.kettner.de
92.204.39.5 auticon.com
149.247.178.176 www.man-es.com
185.33.216.90 www.haupa.com
185.237.65.59 grob-aircraft.com
188.40.218.57 www.bertrandt.com
212.53.132.9 www.leoni.com
213.216.11.49 www.cobus-industries.com

130851 author: jmeyer@infosec.exchange 13 Dec 2024 11:38
tags: #ddos #threatintel

NoName is getting its volunteers to do some reconnaissance on German media websites: