[nsp-sec] 15826 uniq source IPs OLD: DDOS target www.civil.ge 1Gbps 220kpps http mixed with udp

Wed Oct 8 09:09:56 EDT 2008

On Oct 7, 2008, at 10:45 PM, Hillar Aarelaid wrote:
> target www.civil.ge
>

Please find attached list of attacking sources and asn list

Here are top 25

count | asn | name
-------------------------
    2930 9121 TTNET
     603 7738 Telecomunicacoes
     602 8167 TELESC
     509 9908 HKCABLE2-HK-AP
     487 27699 TELECOMUNICACOES
     404 8452 TEDATA
     372 9737 TOTNET-TH-AS-AP
     316 3215 AS3215
     300 3352 TELEFONICA-DATA-ESPANA
     276 3320 DTAG
     202 8708 RDSNET
     187 5483 HTC-AS
     175 5617 TPNET
     164 3269 ASN-IBSNAZ
     159 7132 SBIS-AS
     156 9829 BSNL-NIB
     154 9050 RTD
     152 8346 SONATEL-AS
     146 6713 IAM-AS
     145 8359 COMSTAR
     131 22927 Telefonica
     129 8400 TELEKOM-AS
     127 7303 Telecom
     123 6830 UPC
     118 6821 MT-AS-OWN

Any assistance in identifying the botnet C&C would be appreciated.

Hillar

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: asn.count.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20081008/5d099f77/attachment-0001.txt>
-------------- next part --------------