Information Security News
The DShield database this morning show a tremendous uptick in activity coming out of IP address 220.127.116.11 over the past few weeks, so I am reaching out to everyone to see if anybody has packets related to this IP address. The WHOIS shows a newly registered IP block to CariNet, Inc., a San Diego based cloud provider, on January 3 2014. Since that time there has been an upshot in reports to the DShield database for both unwanted TCP and UDP packets.
If anybody has information on the IP address 18.104.22.168, or a POC at CariNet, would greatly help. I will contact the abuse department on Monday with whatever information I can collect today.
As always, thanx for supporting the Internet Storm Center,
tony d0t Carothers –gmail.com(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.