[nsp-sec] Packet love to AS9192
Alfredo Sola
alfredo at solucionesdinamicas.net
Fri Feb 1 13:19:35 EST 2008
Good day,
AS9192 has been getting lots of love in the form of large UDP packets
(above 1 KB) to 194.149.73.156 and 194.149.73.80, both machines from IRC
Hispano.
As a mitigation measure, they have withdrawn the entire /24 from BGP.
Unfortunately their netflow is broken so they can't tell any more
details. The attack began a few hours ago.
If your flows show something large towards those IPs now (i.e., more
than normal DNS resolution attempts), you have most likely identified a
bot. Any intel you can share will be much appreciated.
More info if and when it comes.
--
Alfredo Sola
ASP5-RIPE
http://alfredo.sola.es/
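
Added example, not part of the original message: one way to run the check the message asks for over your own flow export, flagging sources whose UDP traffic to the two named hosts averages above 1 KB per packet. The CSV column layout, the sample rows and the function name `suspected_bots` are assumptions made for illustration; adapt the parsing to whatever your collector exports.

```python
import csv
import io
from collections import defaultdict

# Destination hosts named in the message above.
TARGETS = {"194.149.73.156", "194.149.73.80"}
UDP = 17                  # IP protocol number for UDP
LARGE_PKT_BYTES = 1024    # "above 1 KB" per the message

# Constructed sample flow export (assumed layout, arbitrary ports).
# Source addresses are documentation ranges, not real hosts.
SAMPLE_FLOWS = """\
src,dst,proto,dport,packets,bytes
192.0.2.10,194.149.73.156,17,40000,4000,5600000
192.0.2.10,194.149.73.80,17,40001,1500,2100000
192.0.2.22,194.149.73.156,17,53,3,210
198.51.100.7,194.149.73.80,6,6667,40,5200
198.51.100.9,194.149.73.80,17,40002,900,1080000
203.0.113.5,192.0.2.1,17,53,2000,2800000
"""

def suspected_bots(flow_csv, targets=TARGETS, min_avg=LARGE_PKT_BYTES):
    """Return [(src, packets, bytes, avg_pkt_size)] for sources sending
    UDP to the targets with an average packet size above min_avg,
    largest byte count first."""
    totals = defaultdict(lambda: [0, 0])  # src -> [packets, bytes]
    for row in csv.DictReader(io.StringIO(flow_csv)):
        # Only UDP towards the hosts under attack is of interest.
        if row["dst"] not in targets or int(row["proto"]) != UDP:
            continue
        totals[row["src"]][0] += int(row["packets"])
        totals[row["src"]][1] += int(row["bytes"])
    hits = []
    for src, (pkts, byts) in totals.items():
        # Small-packet sources (e.g. ordinary DNS lookups) fall below min_avg.
        if pkts and byts / pkts > min_avg:
            hits.append((src, pkts, byts, byts // pkts))
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for src, pkts, byts, avg in suspected_bots(SAMPLE_FLOWS):
        print(f"{src}  packets={pkts}  bytes={byts}  avg={avg}")
```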