[nsp-sec] Amazon Attack (06/09/2008)

Dave Burke dave at amazon.com
Mon Jun 9 14:49:02 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

We're under attack again. All ASNs (7224/39111/16509)

We're seeing Apache/Linux/PHP servers hitting us....


Any help mitigating is appreciated.

dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFITXse6xddYR6j4jARAj//AJ9AogorO+IPMsjvYsiY8jmQ4ZP+JgCgiz0e
FiC3xqNgSn7PliMtV2D+yBg=
=9cZm
-----END PGP SIGNATURE-----


