[nsp-sec] ATTN SAVVIS: UDP love from 208.133.146.26 [FICORA #201009]
Sane Jiri
jiri.sane at elisa.fi
Tue Sep 23 13:04:29 EDT 2008
JFYI:
Some more accurate details about this:
Attack #1 started 23.9 morning around 7:00 UTC and stopped somewhere after 13:20 UTC after being nullrouted
208.133.146.26 -> 193.110.109.55 udp flood ~100kpkt/s
Attack #2 started 14:10 UTC and
208.133.146.26 -> 193.65.90.182 udp flood ~100kpkt/s
--
Jiri Sane
Elisa Plc
+358 50 3034968
jiri.sane at elisa.fi
>-----Original Message-----
>From: nsp-security-bounces at puck.nether.net
>[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Huopio Kauto
>Sent: Tuesday, September 23, 2008 5:47 PM
>To: NSP nsp-security
>Subject: [nsp-sec] ATTN SAVVIS: UDP love from 208.133.146.26
>[FICORA #201009]
>
>----------- nsp-security Confidential --------
>
>Greetings,
>
>We have received reports of UDP love originating from 208.133.146.26.
>
>Targets are at least 193.65.90.182 and 193.110.191.2. According
>to the report we've received, this seems not to be spoofed -
>in this case we don't have first-level access to data.
>
>If you see suspicious UDP flows to this address - please investigate.
>
>--Kauto
>
>Kauto Huopio - kauto.huopio at ficora.fi
>Senior information security adviser
>Finnish Communications Regulatory Authority / CERT-FI
>tel. +358-9-6966772, fax +358-9-6966515, mobile +358-50-5826131
>CERT-FI watch desk daytime: +358-9-6966510
>CERT-FI 24/7 on-call duty officer: +358-44-0120123 / http://www.cert.fi
>
>
>
>_______________________________________________
>nsp-security mailing list
>nsp-security at puck.nether.net
>https://puck.nether.net/mailman/listinfo/nsp-security
>
>Please do not Forward, CC, or BCC this E-mail outside of the
>nsp-security
>community. Confidentiality is essential for effective Internet
>security counter-measures.
>_______________________________________________
>