[nsp-sec] ACK 224 Re: UDP attack against 62.50.74.122 (AS15650)
Morten Knutsen
morten.knutsen at uninett.no
Tue Mar 11 15:15:13 EDT 2008
Mike Hellers wrote:
> All,
>
> AS15650 saw a rather high bandwidth (around 2Gbps) DDOS attack against
> one of their customers today (target 62.50.74.122 - AS15650).
>
> The flows were all UDP, so some of the source addresses might be
> spoofed, but looking at some of the source IP's we could identify, I
> suspect a lot of them to be real compromised boxes.
>
> I would appreciate any insight somebody might have to link this attack
> to any known C&C.
>
> Attached are some of the the flows as we (AS8928) have seen them.
>
> Here is the list of source IP's based on those flows:
>
>
> 224 | 129.242.219.11 | UNINETT UNINETT, The Norwegian University &
> Research Network
>
ACK, sanitized and sent on for follow-up.
Thanks,
--
Morten Knutsen
UNINETT AS 224
More information about the nsp-security
mailing list