25 Sep
2016
25 Sep
'16
6:40 p.m.
On Sun, Sep 25, 2016 at 1:01 PM, Brett Glass <nanog@brettglass.com> wrote:
As an ISP who is pro-active when it comes to security, I'd like to know what IP address(es) are being hit by the Krebs on Security DDoS attack. If we know, we can warn customers that they are harboring infected PCs and/or IoT devices. (And if all ISPs did this, it would be possible to curtail such attacks and plug the security holes that make them possible.)
130.211.45.45 (it's just the one IP, not DNS-balanced). Thanks for your interest in cleaning up your infected customers! 10,000 ASNs to go.... Damian -- Damian Menscher :: Security Reliability Engineer :: Google :: AS15169