[nsp-sec] 6Gbps (peak) attack ongoing
Neil Long
neil.long at cymru.com
Fri Jun 20 06:05:33 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Apologies for following up
The attacked IP is (of course ... silly me) 72.52.0.87
but more useful info
Our Chas Thomlin did some RR/IP relationships hunting and also found
193.68.50.110:53 as a 3rd c&c (previous RR dns.gatuzo.net ) but now
either of
ns01.begone.info and ns01.jizzshow.com
also available in the dnsrr feed :-)
193.68.50.110 has of course been confirmed and added to DDoS-RS
Cheers
Neil
On 20 Jun 2008, at 10:36, Neil Long wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi
>
> We just received information regarding a hefty attack (tcp and udp
> port 80) where the c&c are
>
>> 195.228.74.242 port 80
>> 212.214.41.35 port 53
>
> both in DDoS-RS which we have listed as mail.purplelots.com and
> live.jugekid.info in dnsrr
>
> Participating IPs are
>
> https://asn.cymru.com/nsp-sec/upload/1213953493.whois.txt
>
> AS numbers and count for IPs in the above file
>
> 22 1
> 81 1
> 174 1
> 209 57
> 237 2
> 557 1
> 600 1
> 684 11
> 701 10
> 703 1
> 803 2
> 812 74
> 1239 7
> 1249 1
> 1706 1
> 1785 2
> 1916 1
> 2042 1
> 2379 17
> 2497 2
> 2510 5
> 2514 2
> 2516 7
> 2518 5
> 2527 1
> 2711 1
> 2716 1
> 2828 12
> 2915 3
> 3215 10
> 3356 5
> 3462 16
> 3549 5
> 3583 1
> 3593 2
> 3602 3
> 3605 1
> 3663 1
> 3737 5
> 3748 1
> 3758 1
> 3790 2
> 3801 1
> 3816 22
> 3909 1
> 4134 22
> 4181 5
> 4230 14
> 4323 10
> 4385 1
> 4538 2
> 4685 3
> 4691 1
> 4713 52
> 4725 6
> 4732 2
> 4739 15
> 4764 2
> 4766 5
> 4775 6
> 4786 1
> 4802 9
> 4804 51
> 4808 8
> 4812 6
> 4837 14
> 5009 2
> 5056 1
> 5088 1
> 5639 7
> 5645 6
> 5650 2
> 5668 9
> 5690 1
> 5752 1
> 5760 1
> 5769 147
> 5778 5
> 6057 3
> 6079 12
> 6128 106
> 6140 6
> 6147 18
> 6167 3
> 6197 6
> 6198 19
> 6221 1
> 6222 2
> 6298 12
> 6300 2
> 6306 1
> 6315 1
> 6327 95
> 6332 9
> 6383 2
> 6386 4
> 6388 3
> 6389 52
> 6400 21
> 6429 4
> 6453 2
> 6458 7
> 6461 1
> 6478 39
> 6517 1
> 6539 2
> 6621 2
> 6648 20
> 6983 2
> 7011 2
> 7015 66
> 7016 19
> 7017 6
> 7018 15
> 7029 9
> 7098 1
> 7132 288
> 7212 1
> 7228 1
> 7341 1
> 7385 2
> 7418 65
> 7459 2
> 7545 30
> 7552 2
> 7629 1
> 7633 1
> 7643 11
> 7671 1
> 7679 2
> 7718 1
> 7725 41
> 7738 81
> 7757 13
> 7843 9
> 7925 1
> 7992 33
> 8018 1
> 8048 61
> 8065 13
> 8151 69
> 8163 2
> 8167 54
> 8584 2
> 8781 1
> 9241 1
> 9299 49
> 9354 2
> 9365 1
> 9386 3
> 9480 1
> 9498 83
> 9506 25
> 9556 4
> 9583 10
> 9595 1
> 9617 1
> 9658 1
> 9723 2
> 9797 1
> 9812 2
> 9822 2
> 9824 4
> 9829 19
> 9942 1
> 10010 1
> 10021 4
> 10091 44
> 10101 1
> 10113 1
> 10139 49
> 10143 9
> 10201 2
> 10223 1
> 10292 4
> 10297 1
> 10299 1
> 10311 16
> 10396 10
> 10429 4
> 10481 20
> 10507 4
> 10617 1
> 10620 10
> 10796 46
> 10838 4
> 10881 1
> 10910 1
> 10938 1
> 10993 1
> 10994 43
> 11014 1
> 11060 15
> 11081 3
> 11134 1
> 11172 4
> 11175 1
> 11181 1
> 11215 2
> 11242 3
> 11260 18
> 11290 15
> 11311 1
> 11351 72
> 11367 1
> 11398 1
> 11426 37
> 11427 60
> 11492 15
> 11509 1
> 11530 2
> 11556 2
> 11664 1
> 11666 1
> 11707 1
> 11776 1
> 11830 7
> 11913 1
> 11955 10
> 11992 4
> 12026 1
> 12035 1
> 12066 2
> 12083 2
> 12127 3
> 12177 1
> 12231 2
> 12262 6
> 12270 1
> 12271 28
> 12975 2
> 13343 44
> 13367 18
> 13368 1
> 13371 1
> 13385 1
> 13407 1
> 13432 12
> 13451 1
> 13489 7
> 13490 4
> 13560 1
> 13576 1
> 13585 1
> 13609 1
> 13693 3
> 13776 1
> 13787 1
> 13999 13
> 14000 1
> 14051 2
> 14080 3
> 14155 1
> 14188 1
> 14234 1
> 14259 5
> 14265 3
> 14288 1
> 14291 1
> 14311 1
> 14359 1
> 14366 2
> 14472 1
> 14502 1
> 14522 1
> 14550 1
> 14566 1
> 14615 1
> 14638 5
> 14677 1
> 14729 1
> 14751 1
> 14758 2
> 14793 1
> 14905 2
> 14921 3
> 14989 1
> 15146 9
> 15180 4
> 15290 3
> 15305 1
> 16467 1
> 16586 5
> 16629 2
> 16718 4
> 16735 4
> 16787 1
> 16796 1
> 16810 1
> 16814 7
> 16831 1
> 16889 1
> 16904 1
> 16960 4
> 16988 1
> 17093 1
> 17126 1
> 17184 2
> 17222 2
> 17310 1
> 17379 4
> 17401 2
> 17488 5
> 17506 2
> 17511 2
> 17529 1
> 17565 16
> 17623 1
> 17639 2
> 17676 13
> 17698 2
> 17747 1
> 17805 1
> 17816 1
> 17883 1
> 17895 1
> 17897 2
> 17962 1
> 17974 7
> 18026 1
> 18104 1
> 18114 1
> 18182 2
> 18200 2
> 18207 6
> 18221 1
> 18229 1
> 18390 1
> 18396 3
> 18494 1
> 18503 1
> 18563 1
> 18566 4
> 18747 3
> 18809 5
> 18812 2
> 18881 37
> 18940 1
> 18943 1
> 18988 1
> 19016 2
> 19090 11
> 19108 20
> 19114 1
> 19115 3
> 19130 1
> 19169 1
> 19182 4
> 19250 1
> 19262 2
> 19292 1
> 19429 18
> 20001 40
> 20015 1
> 20115 21
> 20124 1
> 20191 1
> 20214 59
> 20231 3
> 20299 4
> 20456 1
> 21508 16
> 21515 1
> 21548 1
> 21565 1
> 21580 1
> 21677 1
> 21686 1
> 21688 1
> 21724 1
> 21804 1
> 21864 1
> 21947 1
> 21949 1
> 22011 1
> 22019 1
> 22047 73
> 22085 1
> 22258 14
> 22291 24
> 22313 1
> 22318 1
> 22368 1
> 22402 1
> 22541 1
> 22566 2
> 22689 2
> 22709 1
> 22759 1
> 22773 63
> 22781 1
> 22799 1
> 22833 6
> 22927 43
> 22950 1
> 23100 1
> 23106 5
> 23184 6
> 23682 2
> 23693 1
> 23832 1
> 23851 1
> 24139 1
> 24186 1
> 24314 1
> 24321 1
> 24326 29
> 24536 1
> 24731 3
> 25019 11
> 25233 3
> 25620 1
> 25710 1
> 25983 1
> 25994 2
> 26091 1
> 26166 1
> 26579 1
> 26596 2
> 26599 3
> 26790 1
> 26793 1
> 26900 1
> 27306 1
> 27364 10
> 27375 1
> 27568 1
> 27650 1
> 27656 1
> 27665 2
> 27695 1
> 27699 88
> 27716 1
> 27724 2
> 27725 1
> 27737 1
> 27747 1
> 27751 1
> 27757 1
> 27805 3
> 27831 1
> 27879 1
> 27937 1
> 28280 1
> 28285 1
> 28300 1
> 28349 2
> 28509 1
> 28512 1
> 28573 77
> 28611 3
> 28615 1
> 28648 1
> 29160 1
> 29737 3
> 29765 1
> 29859 3
> 29895 7
> 29933 1
> 29974 1
> 30101 1
> 30160 3
> 30336 3
> 30407 2
> 30462 1
> 30612 1
> 30689 2
> 31416 1
> 32020 1
> 32098 2
> 32107 3
> 32244 1
> 32277 3
> 32448 2
> 32480 1
> 32703 1
> 32706 1
> 32757 1
> 32939 1
> 32984 3
> 33038 1
> 33170 1
> 33287 88
> 33363 1
> 33490 31
> 33491 95
> 33545 3
> 33638 1
> 33650 33
> 33651 69
> 33652 33
> 33653 1
> 33654 3
> 33655 2
> 33657 36
> 33659 7
> 33660 10
> 33662 20
> 33666 3
> 33667 5
> 33668 38
> 34397 2
> 34426 1
> 36253 1
> 36351 1
> 36423 4
> 36727 19
> 36817 1
> 37925 1
> 37967 1
> 37992 1
> 37995 1
> 40064 1
> 40099 1
> 40246 1
> 40285 1
> 40309 1
> 40312 1
> 40473 1
> 42298 8
> 43373 1
> 64351 8
>
> - --
> Neil Long, Team Cymru
> http://www.cymru.com | +1 312 924 4022 | neil at cymru.com
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.6 (Build 6060)
>
> iQEVAwUBSFt6O9gB4lhqRtnkAQI4eQgA3xccjv0LD3IhuJeAPNxJt4A5IpIoam44
> HLEBXwLE5L5WR0ulewX99z9PFqgysZbReGgCeM7ffG1JJM46inkwgFm8Yg6fR3um
> UWqNW+RkSP4uKK/USiuZT/iM0FXS/VUTjHI21f2DXrQvS/muGOCYQ6Y8a7s/kObK
> PINy76OeplXiMxrf1cXcpjTA7W6UOb9f5Wo6J7bcUiAZ2kcuwpIMswDXb/XL0Nf+
> YQukqogLp/fYGT2Ji0L5iqyuxmzZVHkSYMeFaIjih85n7EQm2ZrnKujuk5YQZ2iJ
> KPemKLvbeT95Y1k+CCX5GHdCG3tUdWwa3igB1Ql+iH/3guSNMs5/BQ==
> =PhCa
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
> security
> community. Confidentiality is essential for effective Internet
> security counter-measures.
> _______________________________________________
>
- --
Neil Long, Team Cymru
http://www.cymru.com | +1 312 924 4022 | neil at cymru.com
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)
iQEVAwUBSFuA7dgB4lhqRtnkAQLqHggAjGJlhs373+cxl8/Ck1Zh75ZwU53UsD4n
hc6lmc4HGJ078KCocWWUiHFwCfmWYdlDgb1C2WlT34uHMNe6Pb3+fbovqbYmyAAx
VC+BP7yK0Yifga2A/pw8ybv/IPdepENN0ZJYA8mwWsWedT1ey9jGbRiwstRIYRPV
xQnbWVFfKe+D2P/UQePuOlN9Ke/lTfMytgHLKMQWXSe8DmHrX3qZhAzYs67Zt+2E
OijBL3PC2IzMoa3nFLXcW5skpQUiMB51iBoCdht6K8iSIubEykbIfBfa7Mx8qLsp
Da9JHq24M1/G44/veXwKZaRJM80NhkBu0HoLqCAcWiFPtyKCv758pA==
=OEyf
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list