[Operators] DoS attacker: "mafia_rullezz_*"

Nicolas Vérité nicolas.verite at gmail.com
Fri Dec 2 14:03:10 UTC 2011


After, maybe I can give you the list here:


On Fri, Dec 2, 2011 at 14:59, Nicolas Vérité <nicolas.verite at gmail.com> wrote:
> Maybe some precision:
> all the "mafia_rullezz_*" JIDs come from S2S (other servers and
> domains), and they all target only one of our hosted users.
>
> So, maybe you can all check your domains, that you have no such JIDs.
>
>
> On Fri, Dec 2, 2011 at 13:27, Nigel Kukard <nkukard at lbsd.net> wrote:
>>
>> On 12/02/11 12:25, Nicolas Vérité wrote:
>>>
>>> Hi all,
>>>
>>> Just a quick email to let you know that we are facing a DoS attack on
>>> Hosted.IM, our XMPP service hosting platform.
>>> The attacker has "mafia_rullezz_*" in its multiple JIDs. It just sends
>>> messages. At least another XMPP server suffered from this kind of
>>> entities.
>>> Regards
>>
>>
>> I get registration requests and blackholed all the IPs I saw registrations
>> from.
>>
>> Not sure if you're the victim or host that he's using, but ... here is my
>> blackhole list
>>
>> -N
>>
>>
>
>
>
> --
> Nicolas Vérité (Nÿco) mailto:nicolas.verite at gmail.com
> Jabber ID : xmpp:nyco at jabber.fr



-- 
Nicolas Vérité (Nÿco) mailto:nicolas.verite at gmail.com
Jabber ID : xmpp:nyco at jabber.fr

