SSDP Distributed Reflection Denial of Service (DrDoS) Attacks may be biggest threat – Traffic Sample & Snort Rule

SSDP Distributed Reflection Denial of Service attacks are on the rise and may be the biggest threat right now. SSDP does not offer the largest amplification factor, but it may have the most vulnerable systems available to abuse as reflectors. Open-source reports indicate that there were over 5 million vulnerable systems worldwide as of August 2015. One of our dedicated servers was attacked by this DoSnet earlier this morning. We detected over 155,000 unique IP addresses involved in the attack and bandwidth spikes from 100MB/sec to 500MB/sec. The actual statistics are not confirmable as there was massive […]

MyDoom DDoS $38 Billion Dollar P2P Malware Botnet PCAP Download Traffic Sample

MyDoom Botnet

MyDoom has several methods of impact, but its main attacks are DDoS. MyDoom uses a DGA for its P2P communications, but also some command and control servers. Damage of an estimated $38.7 billion was caused by MyDoom, the fastest-spreading malware to hit Microsoft Windows-based computers. Spyware is a deadly malware that extracts a company's confidential information without the company's awareness.

2019-07-15 13:00:22.289866 IP 10.7.15.101.51171 > 10.7.15.1.53: 48767+ MX? acm.org. (25)
E..5........ ..e ......5.!X..............acm.org.....
2019-07-15 13:00:22.340366 IP 10.7.15.1.53 > 10.7.15.101.51171: 48767 1/0/0 MX mail.mailroute.net. 10 (59)
E..W.......G ... ..e.5...C...............acm.org................... .mail mailroute.net.
2019-07-15 13:00:22.348650 IP 10.7.15.101.53658 > 10.7.15.1.53: 65013+ A? mail.mailroute.net. (36) […]

Ursnif and Pushdo Trojan DDoS Botnet Malware Infection PCAP file download traffic sample

2019-07-29 12:48:13.981152 IP 10.7.29.101.49158 > 185.244.213.113.443: Flags [P.], seq 1:118, ack 1, win 64240, length 117
E....]@...C, ..e...q....r.Z.....P...........p...l..]=...A..}}.5T+...M%...$...Lr*,.6..../.5... ..... . .2.8.......+..............riuytessl.xyz. ..............
2019-07-29 12:48:13.981273 IP 185.244.213.113.443 > 10.7.29.101.49158: Flags [.], ack 118, win 64240, length 0
E..(.......t...q ..e........r.Z.P...EP..
2019-07-29 12:48:14.192305 IP 185.244.213.113.443 > 10.7.29.101.49158: Flags [P.], seq 1:1383, ack 118, win 64240, length 1382
E..............q ..e........r.Z.P...........]...Y..]?#Ny.8.....-.... i.........!a.. .BAB.....i.PQ.?Qa&..K....'.6z.....................................i0..e0..M........y@.TCg.,..Xc.oo .0.. *.H........0J1.0 ..U....US1.0...U. ..Let's Encrypt1#0!..U....Let's Encrypt Authority X30...190719142342Z..191017142342Z0.1.0...U....riuytessl.xyz0.."0.. .H.............0.. ..........(C.9.U.k.....j.C.U.6..|a....k...M.. ......"q....O..q..V.g4.k.i....:?....(..................+G..I.u..]k..3.....<....au..].L'xLh.....#9q.r.k......?.fCib..4[}P......p......Y.U..y.:..i......p..Zt5s}. .z]A@azl.t..D..X....dVU..Rcp.o.l!..^,.1.1...q.......Mn.. ..Vl..5.......U0S'.y?.......>hr...7.....=.. .k!TS_n.UE#N......F.dvi...ws....Q....#\PT.06.....+1.Y.g.?W.o-...#%,[..U....P.7....DMe.......|e.Z..-0....F9H....j./...Zj.]... VJ...~.ayy..Ny;h.u.i.'.{U3$c............&.5c|......6......9. .....X.)py.............u0..q0...U...........0...U.%..0...+.........+.......0...U.......0.0...U......:.$'.UF.W.x.*.h&....0...U.#..0....Jjc.}....9..Ee.....0o..+........c0a0...+.....0.."http://ocsp.int-x3.letsencrypt.org0/..+.....0..#http://cert.int-x3.letsencrypt.org/0+..U...$0"..riuytessl.xyz..www.riuytessl.xyz0L..U. .E0C0...g.....07..+..........0(0&..+.........http://cps.letsencrypt.org0.... +.....y............v.oSv.1.1.....Q..w.......).....7.....l ..c.....G0E.!.....T..X.LB........~Z....V..... .+/.|Ri.e....5....vO..w../.]....v.)
10.7.29.101.49158: Flags [.], seq 1383:2843, ack 118, win 64240, length 1460
E..............q ..e.......xr.Z.P.......r......EG.x...l ..>.....G0E.!.....lh.....F...P.......w..<.l0... T<..y..T.2Q +..Q.p...3_>.#%.z!.E0.. *.H.............Q.>=-J..'p.!.7W......X..q.WTx.....i8<...kc6.......D.O.......3...>...i.RRx.5<.....]../..1.T..A f..&..4.Q...:.6j.NR..../x.9....J...5Me..V}h..e....=.G....{.........d.O....3E.?.VG..e0......1.....$...?.bp..Gw...h..).., mZ3.......!;.X...Q/..d...y...|...f....o...0...0..z....... .AB...S.sj.....0.. *.H........0?1$0"..U. ..Digital […]
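The first packet of the Ursnif/Pushdo sample is the infected host's TLS ClientHello, and the name riuytessl.xyz is readable in it because the Server Name Indication extension is sent in the clear; the server's Let's Encrypt certificate for the same name follows. Matching that name against a watchlist is the cheapest network detection for this traffic. The following is an added example and not code from the page: it builds a constructed ClientHello (zeroed random, two cipher suites, a supported_versions extension ahead of the SNI extension so the parser has to skip something), extracts the SNI back out with bounds checks, and matches it against a watchlist. The builder's field values, the watchlist and the helper names are assumptions of this example; only the domain comes from the capture above.

```python
"""Extract the SNI host_name from a TLS ClientHello record and match it
against a domain watchlist. Added example; the ClientHello bytes are
constructed here (random zeroed, fixed cipher suites), not taken from the
page's capture."""
import struct

SNI_EXT = 0x0000
SUPPORTED_VERSIONS_EXT = 0x002B

def build_client_hello(hostname):
    """Build a minimal ClientHello record (record version 3.1, client version
    3.3) carrying a supported_versions extension followed by an SNI extension."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name           # name_type host_name
    sni_body = struct.pack("!H", len(entry)) + entry                  # ServerNameList
    exts = (struct.pack("!HH", SUPPORTED_VERSIONS_EXT, 3) + b"\x02\x03\x04"
            + struct.pack("!HH", SNI_EXT, len(sni_body)) + sni_body)
    body = (b"\x03\x03" + bytes(32)                                   # version, random (zeroed)
            + b"\x00"                                                 # session_id length 0
            + struct.pack("!H", 4) + b"\x13\x01\x13\x02"              # two cipher suites
            + b"\x01\x00"                                             # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record):
    """Return the host_name from a ClientHello record, or None when the bytes
    are not a complete ClientHello or carry no SNI extension."""
    try:
        if record[0] != 0x16:                       # not a handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) < rec_len or hs[0] != 0x01:      # truncated, or not client_hello
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) < hs_len:
            return None
        pos = 2 + 32                                # skip client version and random
        pos += 1 + body[pos]                        # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                        # compression_methods
        if pos + 2 > len(body):
            return None                             # no extensions block at all
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype != SNI_EXT:
                continue
            list_end = 2 + struct.unpack("!H", data[:2])[0]
            q = 2
            while q + 3 <= list_end:
                ntype, nlen = data[q], struct.unpack("!H", data[q + 1:q + 3])[0]
                q += 3
                if ntype == 0:                      # host_name entry
                    return data[q:q + nlen].decode("ascii", "replace")
                q += nlen
    except (IndexError, struct.error):              # malformed or short input
        return None
    return None

def is_watched(host, watchlist):
    """True when host or any parent domain of it is on the watchlist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in watchlist for i in range(len(labels)))

WATCHLIST = {"riuytessl.xyz"}   # the name seen in the page's capture

if __name__ == "__main__":
    for host in ("riuytessl.xyz", "www.riuytessl.xyz", "example.com"):
        sni = extract_sni(build_client_hello(host))
        print(host, "->", sni, "watched" if is_watched(sni, WATCHLIST) else "clean")
```

The parser deliberately refuses truncated records instead of returning a partial name, so a sensor feeding it reassembled TCP segments will not alert on a name that was cut at a segment boundary. The same SNI is visible in TLS 1.3 ClientHellos unless Encrypted Client Hello is in use, so the check stays useful beyond the TLS 1.2 handshake captured above.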

THC SSL Application Layer 7 Resource Denial of Service DoS Attack PCAP file Download

2016-05-10 22:55:21.763780 IP 192.168.1.1.80 > 192.168.1.100.46528: Flags [S.], seq 2840197845, ack 3419153931, win 5792, options [mss 1460,sackOK,TS val 19582549 ecr 48899446,nop,wscale 0], length 0
E..<..@.@..........d.P...I....&.....i.......... .*.U..%v....
2016-05-10 22:55:21.763794 IP 192.168.1.100.46528 > 192.168.1.1.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 48899446 ecr 19582549], length 0
E..4.}@.@......d.......P..&..I.............. ..%v.*.U
2016-05-10 22:55:21.763846 IP 192.168.1.100.46528 > 192.168.1.1.80: Flags [P.], seq 1:102, ack 1, win 229, options [nop,nop,TS val 48899446 ecr 19582549], length 101: HTTP
E....~@.@..+...d.......P..&..I.......A..... ..%v.*.U....`...\....wb.t.8........L..0l..d.~+..-"9....5.......-.#..... ..........................................
2016-05-10 22:55:21.763866 IP 192.168.1.100.46530 > 192.168.1.1.80: Flags [S], seq 2524174511, win 29200, options [mss 1460,sackOK,TS val 48899446 ecr 0,nop,wscale 7], length 0
E..<..@.@..,...d.......P.s........r............ ..%v........
2016-05-10 22:55:21.767307 […]
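Three of the samples on this page share a shape that tcpdump's one-line summaries already expose: the SSDP post describes many distinct reflectors answering from UDP/1900 toward one victim, the MyDoom sample is one host bursting MX lookups before it mails, and the THC SSL sample is one client opening new TCP connections to one service within the same millisecond. The following added example, which is not code from the page, parses tcpdump summary lines with one regular expression and runs those three checks over them. The sample lines are constructed for this example around a few lines and addresses from the excerpts (the SSDP lines are entirely made up, since that post shows none), the thresholds are arbitrary, and for the THC case it counts bare SYNs per source per second, which is the signal visible in the excerpt rather than the TLS renegotiations the tool itself drives.

```python
"""Three detectors over tcpdump summary lines. Added example: the regex, the
detectors, the thresholds and the sample lines are all assumptions of this
example, not tooling from the page."""
import re
from collections import Counter, defaultdict

# One tcpdump summary line: "<date> <time> IP <src>.<sport> > <dst>.<dport>: <rest>".
# Hex/ASCII payload dump lines (tcpdump -X / -A) do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

def parse(lines):
    """Yield one dict per summary line; payload dump lines are ignored."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            p = m.groupdict()
            p["sport"], p["dport"] = int(p["sport"]), int(p["dport"])
            yield p

def ssdp_reflectors(pkts, min_sources=3):
    """Victim -> set of hosts answering from UDP/1900. A legitimate M-SEARCH
    reply comes from a device on the local segment; many distinct responders
    aimed at one host is a reflection flood."""
    by_victim = defaultdict(set)
    for p in pkts:
        if p["sport"] == 1900 and p["rest"].startswith("UDP"):
            by_victim[p["dst"]].add(p["src"])
    return {v: s for v, s in by_victim.items() if len(s) >= min_sources}

def mx_query_bursts(pkts, threshold=3):
    """Client -> number of DNS MX queries (tcpdump query lines carry ' MX? ';
    the responses carry 'MX' without the '?' and are not counted)."""
    counts = Counter(p["src"] for p in pkts
                     if p["dport"] == 53 and " MX? " in p["rest"])
    return {ip: n for ip, n in counts.items() if n >= threshold}

def syn_bursts(pkts, threshold=3):
    """(src, dst, dport, second) -> number of bare SYNs. 'Flags [S.]' (SYN/ACK)
    does not match, so only the connection initiator is counted."""
    counts = Counter()
    for p in pkts:
        if "Flags [S]" in p["rest"]:
            counts[(p["src"], p["dst"], p["dport"], p["ts"].split(".")[0])] += 1
    return {k: n for k, n in counts.items() if n >= threshold}

def analyze(text):
    """Run all three detectors over a block of tcpdump output."""
    pkts = list(parse(text.splitlines()))
    return {"ssdp": ssdp_reflectors(pkts), "mx": mx_query_bursts(pkts),
            "syn": syn_bursts(pkts)}

# Constructed sample: SSDP lines are invented; DNS and TCP lines reuse a few
# lines and addresses from the page's excerpts; the last line is a payload dump.
SAMPLE = """\
2015-08-14 09:12:01.000101 IP 203.0.113.10.1900 > 198.51.100.7.40001: UDP, length 310
2015-08-14 09:12:01.000205 IP 203.0.113.11.1900 > 198.51.100.7.40001: UDP, length 298
2015-08-14 09:12:01.000309 IP 203.0.113.12.1900 > 198.51.100.7.40001: UDP, length 305
2015-08-14 09:12:01.000412 IP 203.0.113.10.1900 > 198.51.100.7.40001: UDP, length 310
2019-07-15 13:00:22.289866 IP 10.7.15.101.51171 > 10.7.15.1.53: 48767+ MX? acm.org. (25)
2019-07-15 13:00:22.340366 IP 10.7.15.1.53 > 10.7.15.101.51171: 48767 1/0/0 MX mail.mailroute.net. 10 (59)
2019-07-15 13:00:22.401000 IP 10.7.15.101.51172 > 10.7.15.1.53: 48768+ MX? example.org. (29)
2019-07-15 13:00:22.455000 IP 10.7.15.101.51173 > 10.7.15.1.53: 48769+ MX? example.net. (29)
2016-05-10 22:55:21.763866 IP 192.168.1.100.46530 > 192.168.1.1.80: Flags [S], seq 2524174511, win 29200, length 0
2016-05-10 22:55:21.763780 IP 192.168.1.1.80 > 192.168.1.100.46528: Flags [S.], seq 2840197845, ack 3419153931, win 5792, length 0
2016-05-10 22:55:21.764100 IP 192.168.1.100.46532 > 192.168.1.1.80: Flags [S], seq 1, win 29200, length 0
2016-05-10 22:55:21.764300 IP 192.168.1.100.46534 > 192.168.1.1.80: Flags [S], seq 2, win 29200, length 0
E..<..@.@......d.......P.s........r............
"""

if __name__ == "__main__":
    for name, hits in analyze(SAMPLE).items():
        print(name, hits or "nothing flagged")
```

Feed it `tcpdump -n -tttt` output (the summary lines above are in that format); the unique-source count per victim is the same figure the SSDP post reports as "over 155,000 unique IP addresses", and on a real capture it is the number to compare against the reflector count rather than the raw packet rate.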

SLICE Denial of Service DoS Spoofed Packets Dangerous PCAP file download

2016-05-23 15:37:46.606305 IP 100.85.36.40.10282 > 192.168.1.107.42143: tcp 20 [bad hdr length 0 - too short, < 20]
E..(........dU$(...k(*...@Gd;j.y........
2016-05-23 15:37:46.606309 IP 60.29.5.54.17350 > 192.168.1.107.39169: tcp 20 [bad hdr length 0 - too short, < 20]
E..(.z......<..6...kC....F.....).....Z..
2016-05-23 15:37:46.608855 IP 223.135.36.17.21442 > 192.168.1.107.41581: tcp 20 [bad hdr length 0 - too short, < 20]
E..(%......#..$....kS..mY.{.ro.d.....J..
2016-05-23 15:37:46.608873 IP 199.13.15.19.23832 > 192.168.1.107.35628: tcp 20 [bad hdr length 0 - too short, < 20]
E..(......r........k]..,R..4.G_7........
2016-05-23 15:37:46.608881 IP 207.78.195.43.10248 > 192.168.1.107.40425: tcp 20 [bad hdr length 0 - too short, < 20]
E..(h%.......N.+...k(.....j :.TI....gi..
2016-05-23 15:37:46.608888 IP 111.172.220.27.51203 > 192.168.1.107.43962: tcp 20 [bad […]
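Every SLICE packet above is flagged by tcpdump as "bad hdr length 0 - too short, < 20": the IP payload is 20 bytes, but the TCP data-offset field in it is zero, so the header claims to be shorter than the 20-byte minimum, and every packet arrives from a different source address, consistent with the title's spoofed packets. The following added example, not code from the page, shows the check a parser has to make before trusting that field: it parses raw IPv4/TCP bytes, reports the data offset, and triages a batch by malformed-header count and distinct sources. The packets are constructed here (zero checksums, zero sequence numbers, arbitrary flags); only the address and port pairs of the first two SLICE lines are borrowed from the sample.

```python
"""Validate the TCP header length of raw IPv4/TCP packets, mirroring the
'bad hdr length' check tcpdump prints for the SLICE sample. Added example;
the packets are constructed below, with checksums and sequence numbers zeroed."""
import struct
from ipaddress import IPv4Address

TCP_MIN_HDR = 20   # five 32-bit words: the smallest legal TCP data offset

def build_ipv4_tcp(src, dst, sport, dport, data_off_words, flags):
    """Build a bare IPv4+TCP packet: no IP options, no TCP options, no payload.
    data_off_words is written straight into the data-offset field, so 0 yields
    the malformed header seen in the SLICE capture."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                      (data_off_words << 12) | (flags & 0x1FF), 0, 0, 0)
    return ip + tcp

def parse_ipv4_tcp(pkt):
    """Return the header fields plus bad_hdr, set when the data offset is
    below the 20-byte minimum. Raises ValueError for bytes that are not a
    plain IPv4/TCP packet with at least 20 bytes of TCP header on the wire."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if vihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (vihl & 0x0F) * 4
    if ihl < 20 or proto != 6:
        raise ValueError("not a plain IPv4/TCP packet")
    tcp = pkt[ihl:total_len]                      # the bytes tcpdump calls 'tcp 20'
    if len(tcp) < TCP_MIN_HDR:
        raise ValueError("fewer than 20 bytes of TCP header on the wire")
    sport, dport, seq, ack, off_flags, win, _, _ = struct.unpack("!HHIIHHHH", tcp[:20])
    hdr_len = (off_flags >> 12) * 4               # data offset is the top 4 bits
    return {
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "sport": sport, "dport": dport, "flags": off_flags & 0x1FF,
        "tcp_len": len(tcp), "hdr_len": hdr_len,
        "bad_hdr": hdr_len < TCP_MIN_HDR,
    }

def triage(packets):
    """Count malformed-header packets and list the distinct sources sending
    them; a long, never-repeating source list is the spoofing signature."""
    bad = [p for p in (parse_ipv4_tcp(x) for x in packets) if p["bad_hdr"]]
    return {"total": len(packets), "bad_hdr": len(bad),
            "bad_sources": sorted({p["src"] for p in bad})}

# Constructed sample: one ordinary SYN, then two SLICE-style packets whose
# address/port pairs come from the page's first two capture lines.
SAMPLE = [
    build_ipv4_tcp("192.0.2.10", "192.168.1.107", 40000, 22, 5, 0x002),
    build_ipv4_tcp("100.85.36.40", "192.168.1.107", 10282, 42143, 0, 0x000),
    build_ipv4_tcp("60.29.5.54", "192.168.1.107", 17350, 39169, 0, 0x000),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        p = parse_ipv4_tcp(pkt)
        print(f'{p["src"]}.{p["sport"]} > {p["dst"]}.{p["dport"]}: tcp {p["tcp_len"]}'
              + (f' [bad hdr length {p["hdr_len"]} - too short, < {TCP_MIN_HDR}]'
                 if p["bad_hdr"] else ""))
    print(triage(SAMPLE))
```

The point of checking hdr_len before slicing the payload is that code which trusts the data offset (offset 0 means "payload starts at byte 0 of the TCP header") re-reads the header as data; a capture tool or IDS that does that on a flood of these packets is spending cycles on garbage, which is the resource-exhaustion angle of the sample.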