[nsp-sec] ACK RE: DNS Flood to Ultra - Updated list - looking for the malware

Gassen, Derek Derek.Gassen at twtelecom.com
Thu Apr 2 18:01:17 EDT 2009


ACK 4323. Sent to Abuse


Derek Gassen
Security Engineering
tw telecom inc.


-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Nicholas Ianelli
Sent: Thursday, April 02, 2009 3:14 PM
To: 'nsp-security NSP'
Subject: [nsp-sec] DNS Flood to Ultra - Updated list - looking for the malware

----------- nsp-security Confidential --------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Team,

I have an updated list of ASNs still sending packets towards our DNS servers. Granted it is extremely less than before, but it is still occurring.

I am really trying to track down the malware. I am more than happy to speak with any of your customers. If this sounds doable, I'll pass you a phone number and you can have them call me if you want.

I have the actual flow if you need it, just drop me a line with the IP addresses in question and it's yours.


Targeting: 204.74.66.131 and 204.74.67.131 - port 53/UDP
Date of traffic: 2009.04.02
Time: between 20:08 - 20:18 GMT

There are 555 ASNs represented in this list:

https://asn.cymru.com/nsp-sec/upload/1238706285.whois.txt


30597   | 152.138.206.50   | AMBEST-ASN - A.M. Best Company
31271   | 162.21.138.129   | RINGIER-AS Ringier AG/Informatik
Bruehlstrasse 5
31290   | 89.145.224.194   | MURPHX-UK-AS murphx UK Network
31399   | 53.12.102.129    | DAIMLER-AS Daimler Autonomous System
31399   | 53.133.194.189   | DAIMLER-AS Daimler Autonomous System
31399   | 53.160.93.136    | DAIMLER-AS Daimler Autonomous System
31399   | 53.195.102.226   | DAIMLER-AS Daimler Autonomous System
31399   | 53.223.205.26    | DAIMLER-AS Daimler Autonomous System
31399   | 53.42.103.49     | DAIMLER-AS Daimler Autonomous System
31399   | 53.47.174.79     | DAIMLER-AS Daimler Autonomous System
33287   | 69.244.127.79    | DNEO-OSP4 - Comcast Cable Communications, Inc.
33491   | 67.184.119.196   | DNEO-OSP7 - Comcast Cable Communications, Inc.
33651   | 24.4.244.204     | DNEO-OSP7 - Comcast Cable Communications, Inc.
35107   | 92.63.148.189    | WIMAX-AS WiMAX Telecom
35240   | 85.119.234.59    | HSBCPRIVATE Hsbc Private Bank
35470   | 79.170.93.40     | XL-AS XL Network
35736   | 91.107.92.181    | WUK-AS Wanadoo UK
36445   | 67.210.14.25     | INTERNET-PATH - Internet Path, Inc.
36647   | 67.195.22.48     | YAHOO-YSM-DEN - Yahoo
37918   | 129.60.25.112    | ECL-INET Nippon Telegraph and Telephone
Corporation
41587   | 141.200.92.181   | ATLAS-ELEKTRONIK ATLAS ELEKTRONIK GmbH
41976   | 213.168.51.54    | SZKTI-AS SZKTI AS
42669   | 77.242.184.2     | CORDAR_IT_BIELLA Cordar.it S.r.l. IT Dept.
43234   | 92.5.137.33      | CPWBBSERV-AS Carphone Warehouse Broadband
Services
43234   | 92.5.4.110       | CPWBBSERV-AS Carphone Warehouse Broadband
Services
43529   | 79.121.36.138    | VIDANET-AS ViDaNet Cable Television
Provider Ltd
44038   | 188.62.252.0     | BLUEWIN-AS Swisscom Fixnet AG
44088   | 93.169.61.215    | DORINEX-AS SC Dorinex Pord SRL
46512   | 165.6.153.171    | UT-MEDICAL-CENTER - University of Tennessee
Medical Center
47686   | 94.100.110.224   | BTV-AS-OWN Miksnet


- -------- Original Message --------
Subject: [nsp-sec] DNS Flood to Ultra
Date: Tue, 31 Mar 2009 10:24:20 -0400
From: Fouant, Stefan <Stefan.Fouant at neustar.biz>
To: <nsp-security at puck.nether.net>

- ----------- nsp-security Confidential --------

Folks,

Our Ultra sites have been coming under a UDP DNS flood for several hours sustaining several hundred Mbps from what appears to be a large botnet, generating queries for silverdollar.com and gocasino.com.  Looks like a dictionary attack.  We're currently filtering it right and able to sustain business operations as usual, but the attack continues.
Wondering if any of you can take a look at any of the botnets and find out who might be behind this.

The ranges under attack are:

204.74.108.1/32
204.74.109.1/32
199.7.68.1/32
199.7.69.1/32
204.74.114.1/32
204.74.115.1/32

Thanks for any information any of you can provide,

Stefan Fouant: NeuStar, Inc.
Principal Network Engineer
46000 Center Oak Plaza Sterling, VA 20166
[ T ] +1 571 434 5656
[ M ] +1 202 210 2075
[ E ] stefan.fouant at neustar.biz
[ W ] www.neustar.biz


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAknVKogACgkQi10dJIBjZIClZACg2btGsLtnKcgTwubOEk0ktKiX
WvQAoJp+s1C7ziJAAMHh/bZrD2itL1os
=Qstk
-----END PGP SIGNATURE-----


