[nsp-sec] Busy ddos net: 193.202.63.119 ASN 8885 - HU
jose nazario
jose at arbor.net
Mon Feb 11 09:42:08 EST 2008
Here's an hour of their DDoS activity:
1202735775/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//157.157
.124.112/157.157.124.112/IS/6677/anis!maja at fbi.gov/ARBOR/ .ddos.udp
157.157.124.112 21 1000 -s
1202735780/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//157.157
.124.112/157.157.124.112/IS/6677/anis!maja at fbi.gov/ARBOR/ .ddos.syn
157.157.124.112 21 1000 -s
1202737100/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//82.192.
47.134/82.192.47.134/SI/12644/anis!maja at fbi.gov/ARBOR/ .ddos.syn
82.192.47.134 21 700 -s
1202737104/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//82.192.
47.134/82.192.47.134/SI/12644/anis!maja at fbi.gov/ARBOR/ .ddos.udp
82.192.47.134 21 700 -s
1202737154/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//91.185.
200.146/91.185.200.146/SI/41828/anis!maja at fbi.gov/ARBOR/ .ddos.udp
91.185.200.146 21 700 -s
1202737158/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//91.185.
200.146/91.185.200.146/SI/41828/anis!maja at fbi.gov/ARBOR/ .ddos.syn
91.185.200.146 21 700 -s
1202737909/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//81.69.1
91.83/81.69.191.83/NL/5390/anis!maja at fbi.gov/ARBOR/ .ddos.udp 81.69.191.83
21 700 -s
1202737925/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//90.230.
22.236/90.230.22.236/SE/3301/anis!maja at fbi.gov/ARBOR/ .ddos.udp
90.230.22.236 21 700 -s
1202737940/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//81.236.
212.127/81.236.212.127/SE/3301/anis!maja at fbi.gov/ARBOR/ .ddos.udp
81.236.212.127 21 700 -s
1202737963/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//81.69.1
59.31/81.69.159.31/NL/5390/anis!maja at fbi.gov/ARBOR/ .ddos.udp 81.69.159.31
21 700 -s
1202737980/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//81.69.1
68.14/81.69.168.14/NL/5390/anis!maja at fbi.gov/ARBOR/ .ddos.udp 81.69.168.14
21 700 -s
1202737998/irc.swpower-team.net/193.202.63.119/8885/HU/43937/#army#//90.21.1
64.167/90.21.164.167/FR/3215/anis!maja at fbi.gov/ARBOR/ .ddos.udp
90.21.164.167 21 700 -s
That botnet is controlled here:
host: irc.swpower-team.net
IP: 193.202.63.119
Port 8885
Targets include:
AS | IP | AS Name
41828 | 91.185.200.146 | TUSMOBIL TUSMOBIL - core network
12644 | 82.192.47.134 | TELEMACH Telemach Autonomous System
6677 | 157.157.124.112 | ICENET-AS1 *********************************
5390 | 81.69.168.14 | EURONET Orange Nederland B.V. Global AS
3215 | 90.21.164.167 | AS3215 France Telecom - Orange
5390 | 81.69.168.14 | EURONET Orange Nederland B.V. Global AS
3301 | 81.236.212.127 | TELIANET-SWEDEN TeliaNet Sweden
Anyone with any pull in Hungary?
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO
Arbor Networks
v: (734) 821 1427
PGP: 0x40A7BF94
www.arbornetworks.com
-------------------------------------------------------------
More information about the nsp-security
mailing list