SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2014-01-26



Looking for Packets for IP address 71.6.165.200

Published: 2014-01-26
Last Updated: 2014-01-27 18:13:45 UTC
by Tony Carothers (Version: 1)

The DShield database this morning shows a tremendous uptick in activity coming out of IP address 71.6.165.200 over the past few weeks, so I am reaching out to everyone to see if anybody has packets related to this IP address.  The WHOIS shows a newly registered IP block to CariNet, Inc., a San Diego-based cloud provider, on January 3, 2014.  Since that time there has been an upswing in reports to the DShield database for both unwanted TCP and UDP packets.

If anybody has information on the IP address 71.6.165.200, or a POC at CariNet, it would greatly help.  I will contact the abuse department on Monday with whatever information I can collect today.

As always, thanx for supporting the Internet Storm Center,

tony d0t Carothers –gmail.com

==============================

UPDATE: 27 January 2014

The senior security engineer onsite has contacted the customer, who has agreed to take down the site and work with the ISC to resolve these issues.  Great job everyone!!  A community effort helps out the community every time!!
