Hey all
A friend just told me that Cybernet told him there is a Switzerland-wide Internet Problem.
Does anybody know something?
Cheers
Michele
--------
Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil
Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32
http://www.online.ch, michele.capobianco(a)online.ch
--------
Hello,
this is to share with you that I am experiencing a DDoS attack for a webserver I manage.
It is a Drupal/PHP/Nginx platform that is flooded with GET requests such as:
GET /es/search?f%5B0%5D=language%3Aes&f%5B1%5D=regions%3A4490&f%5B2%5D=regions%3A4511&f%5B3%5D=regions%3A4538&f%5B4%5D=regions%3A4556&f%5B5%5D=regions%3A4567&f%5B6%5D=regions%3A4593&f%5B7%5D=regions%3A4601&f%5B8%5D=regions%3A4603&f%5B9%5D=regions%3A4620&f%5B10%5D=regions%3A4631&f%5B11%5D=regions%3A4674&f%5B12%5D=type_of_content%3A4697&f%5B13%5D=type_of_content%3A4710&f%5B14%5D=type_of_content%3A4857&f%5B15%5D=type_of_content%3A4862&f%5B16%5D=type_of_content%3A4943&f%5B17%5D=type_of_content%3A6249&f%5B18%5D=type_of_content%3A6423&f%5B19%5D=wcc_programmes%3A4882&f%5B20%5D=wcc_programmes%3A4893
It targets the search module which does not cache the data and means resource impact.
This involves more than 12'000 individual IP addresses, spread over CN, IN, KO, MX, and US.
A list of the subnet part involved can be found here[0].
(list is of course growing over time, attack is not over and spread of hosts continues)
I plan to further investigate the networks involved, how likely they are cloud nodes or infected hosts for instance.
I am on the AS3303/Swisscom BTW.
Is anyone experiencing such traffic?
This is not huge in terms of bw, but scaled adequately to eat server CPU resources.
Regards.
[0] https://www.mbuf.net/files/f/ebbc54f52b564824bf5e/
--
|_|0|_| Julien MABILLARD - Matrix: @jma:matrix.mbuf.net - XMPP: jma(a)tls.mbuf.net
|_|_|0| OpenPGP fingerprint: 1E47 513E 8B00 8BC5 E874 23E4 54A4 32FB 260A 2D41
|0|0|0| ssb: @O7yM/4Y0Jcp1uZToeis2AKApyOvb8ZHkoXuAh0wPcAM=.ed25519
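Added example, not part of the original post: one way to pull the offending sources out of an Nginx access log is to count the `f[N]` facet filters on each `/search` request and group the heavy ones by /24 (or /64 for IPv6). The log lines, the `min_facets` threshold and the function names below are constructed assumptions, not data from the incident.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in nginx "combined" format, using documentation IP ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2021:10:00:01 +0100] "GET /es/search?f%5B0%5D=language%3Aes&f%5B1%5D=regions%3A4490&f%5B2%5D=regions%3A4511&f%5B3%5D=type_of_content%3A4697 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.77 - - [01/Jan/2021:10:00:01 +0100] "GET /es/search?f%5B0%5D=language%3Aes&f%5B1%5D=regions%3A4556&f%5B2%5D=wcc_programmes%3A4882 HTTP/1.1" 200 5090 "-" "Mozilla/5.0"
198.51.100.5 - - [01/Jan/2021:10:00:02 +0100] "GET /en/search?f%5B0%5D=language%3Aen&f%5B1%5D=regions%3A4601&f%5B2%5D=regions%3A4603 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2021:10:00:03 +0100] "GET /es/search?f%5B0%5D=language%3Aes HTTP/1.1" 200 7311 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2021:10:00:04 +0100] "GET /es/node/12 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
truncated or malformed line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
FACET_RE = re.compile(r"^f\[\d+\]$")  # decoded form of f%5B0%5D, f%5B1%5D, ...

def facet_count(target):
    """Number of f[N] facet filters on a .../search request, 0 for other paths."""
    url = urlsplit(target)
    if not url.path.rstrip("/").endswith("/search"):
        return 0
    return sum(1 for key, _ in parse_qsl(url.query, keep_blank_values=True)
               if FACET_RE.match(key))

def suspicious_subnets(log_text, min_facets=10):
    """Count GET search requests with >= min_facets filters per source network."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, target = m.groups()
        if method != "GET" or facet_count(target) < min_facets:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        bits = 24 if addr.version == 4 else 64  # aggregation width is an assumption
        net = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
        hits[str(net)] += 1
    return hits

if __name__ == "__main__":
    for net, n in suspicious_subnets(SAMPLE_LOG, min_facets=3).most_common():
        print(f"{net}\t{n}")
```

The default threshold of 10 is a guess to be tuned against legitimate search traffic before the resulting networks are fed into rate limiting or blocking.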
Happy new Year.
If anyone from AS9009 Zurich NOC reads this list. Please contact me off
list about a more serious incident involving some of your IP Addresses.
--
Kind regards
-Benoît Panizzon- @ home office and reachable as usual
--
I m p r o W a r e A G - Head of Commerce Customers
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Switzerland Web http://www.imp.ch
______________________________________________________
Dear list
Happy new Year!
We want to let you know that the .ch zone file, containing all delegated .ch domain names, is publicly available for download. Access is limited by Article 10(1)(a)(6) of the Ordinance on Internet Domains for combating cybercrime, scientific and social research or for other purposes in the public interest.
Details on how to access the file are available here: https://swit.ch/zonedata, and I also wrote a blog post https://securityblog.switch.ch/2020/11/18/dot_ch_zone_is_open_data/.
If you have any feedback or do anything interesting with the data, please share.
Michael
------------------------------------
Michael Hausding,
Competence Lead DNS & Domain Abuse
SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 77, incident phone +41 44 268 15 40
michael.hausding(a)switch.ch
http://securityblog.switch.ch