[nsp-sec-jp] DDoS to 128.101.97.245

Taka Mizuguchi taka @ ntt.net
Wed Jul 18 20:33:15 EDT 2007


To all NSP-SEC-JP members,

Someone has started sending 200Mbps of TCP SYN and ICMP PING packets
at our network scanner (128.101.97.245).
More than 14,000 unique source addresses have each sent more than
1000 packets.

The following are hosts believed to be infected with Storm Worm.
Please check them.



Forwarded by Taka Mizuguchi <taka @ ntt.net>
----------- nsp-security Confidential --------

Someone has seen fit to start throwing 200Mbps of TCP SYN and ICMP PING
packets at our network scanner.  So far there are more than 14,000 unique
sources that have sent more than 1000 pkts each:

  https://asn.cymru.com/nsp-sec/upload/1184788639.whois.txt

There's a theory that these are Storm Worm infected hosts.  I have no
proof one way or another.  Perhaps someone with more knowledge can
chime in on this.

Paul
-- 
Paul Dokas                                     dokas at oitsec.umn.edu
======================================================================
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."


_______________________________________________
nsp-security mailing list
nsp-security @ puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________

--------------------- Original Message Ends --------------------

-----
Taka Mizuguchi
taka @ ntt.net


