[nsp-sec] heads up ThePlanet 21844

Chris Morrow morrowc at ops-netman.net
Thu Sep 25 22:21:15 EDT 2008 

This came up amongst the atrivo conversations on nanog today, someone 
('term' from NZ) getting some udp lovin from 4-5 'the planet' ip addrs, 
logs below, but condensed to:

> I can give you the source address's
> 66.98.198.57
> 66.98.198.73
> 67.15.10.34
> 207.44.228.86
>
> (Current) Destination address's are
> 58.28.4.2
> 58.28.6.2

Hopefully this has already popped up on your arbor console :)

-Chris
just passing it along... :)

show firewall log detail
Time of Log: 2008-09-26 13:36:23 NZST, Filter: pfe, Filter action: 
discard, Name of interface: ge-2/0/0.402
Name of protocol: UDP, Packet Length: 29, Source address: 
207.44.228.86:40582, Destination address: 58.28.4.2:19182
Time of Log: 2008-09-26 13:36:23 NZST, Filter: pfe, Filter action: 
discard, Name of interface: ge-2/0/0.402
Name of protocol: UDP, Packet Length: 29, Source address: 
66.98.168.73:32812, Destination address: 58.28.4.2:38827
Time of Log: 2008-09-26 13:36:23 NZST, Filter: pfe, Filter action: 
discard, Name of interface: ge-2/0/0.402
Name of protocol: UDP, Packet Length: 29, Source address: 
207.44.228.86:40582, Destination address: 58.28.4.2:23739
Time of Log: 2008-09-26 13:36:23 NZST, Filter: pfe, Filter action: 
discard, Name of interface: ge-2/0/0.402
Name of protocol: UDP, Packet Length: 29, Source address: 
207.44.228.86:40582, Destination address: 58.28.4.2:38318
Time of Log: 2008-09-26 13:36:23 NZST, Filter: pfe, Filter action: 
discard, Name of interface: ge-2/0/0.402
Name of protocol: UDP, Packet Length: 29, Source address: 
66.98.168.73:32812, Destination address: 58.28.4.2:35286
Time of Log: 2008-09-26 13:36:23 NZST, Filter: pfe, Filter action: 
discard, Name of interface: ge-2/0/0.402
Name of protocol: UDP, Packet Length: 29, Source address: 
66.98.198.57:40300, Destination address: 58.28.6.2:19062
Time of Log: 2008-09-26 13:36:23 NZST, Filter: pfe, Filter action: 
discard, Name of interface: ge-2/0/0.402
Name of protocol: UDP, Packet Length: 29, Source address: 
66.98.168.73:32812, Destination

More information about the nsp-security mailing list