[nsp-sec] ACK RE: DNS Flood to Ultra - Updated list - looking for the malware
Matthew.Swaar at us-cert.gov
Thu Apr 2 18:03:31 EDT 2009
ACK
25996 | 153.31.76.37 | FBICJIS - FBI Criminal Justice Information
12037 | 167.176.178.74 | FDIC-GOV - Federal Depositors Insurance
V/R,
Matt Swaar
US-CERT Analyst
-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Nicholas Ianelli
Sent: Thursday, April 02, 2009 5:14 PM
To: 'nsp-security NSP'
Subject: [nsp-sec] DNS Flood to Ultra - Updated list - looking for the malware
----------- nsp-security Confidential --------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team,
I have an updated list of ASNs still sending packets towards our DNS servers. Granted, it is extremely less than before, but it is still occurring.
I am really trying to track down the malware. I am more than happy to speak with any of your customers. If this sounds doable, I'll pass you a phone number and you can have them call me if you want.
I have the actual flow if you need it, just drop me a line with the IP addresses in question and it's yours.
Targeting: 204.74.66.131 and 204.74.67.131 - port 53/UDP
Date of traffic: 2009.04.02
Time: between 20:08 - 20:18 GMT
There are 555 ASNs represented in this list:
https://asn.cymru.com/nsp-sec/upload/1238706285.whois.txt
- -------- Original Message --------
Subject: [nsp-sec] DNS Flood to Ultra
Date: Tue, 31 Mar 2009 10:24:20 -0400
From: Fouant, Stefan <Stefan.Fouant at neustar.biz>
To: <nsp-security at puck.nether.net>
References:
<alpine.DEB.1.00.0903172253580.12407 at h2.bcf-argzna.arg><ca0c9110903171829r30b3423ia682c3099d0d4821 at mail.gmail.com>
<alpine.DEB.1.00.0903180131540.12407 at h2.bcf-argzna.arg>
- ----------- nsp-security Confidential --------
Folks,
Our Ultra sites have been coming under a UDP DNS flood for several hours sustaining several hundred Mbps from what appears to be a large botnet, generating queries for silverdollar.com and gocasino.com. Looks like a dictionary attack. We're currently filtering it right and able to sustain business operations as usual, but the attack continues.
Wondering if any of you can take a look at any of the botnets and find out who might be behind this.
The ranges under attack are:
204.74.108.1/32
204.74.109.1/32
199.7.68.1/32
199.7.69.1/32
204.74.114.1/32
204.74.115.1/32
Thanks for any information any of you can provide,
Stefan Fouant: NeuStar, Inc.
Principal Network Engineer
46000 Center Oak Plaza
Sterling, VA 20166
[ T ] +1 571 434 5656
[ M ] +1 202 210 2075
[ E ] stefan.fouant at neustar.biz
[ W ] www.neustar.biz
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAknVKogACgkQi10dJIBjZIClZACg2btGsLtnKcgTwubOEk0ktKiX
WvQAoJp+s1C7ziJAAMHh/bZrD2itL1os
=Qstk
-----END PGP SIGNATURE-----
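Added example, not part of the original thread or any list member's tooling: a parser for the pipe-delimited `ASN | IP | AS name` bulk whois output that the messages above circulate, which rejoins wrapped AS names, ranks networks by the number of distinct source addresses, and separates out `NA` rows and addresses reported under more than one origin AS. The function names are hypothetical and the sample rows are constructed from documentation prefixes and documentation ASNs.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the bulk whois layout (RFC 5737 prefixes, RFC 5398 ASNs).
# It is not data from the thread.
SAMPLE = """\
Bulk mode; whois.cymru.com [2009-04-02 21:04:45 +0000]
NA | 192.0.2.57 | NA
64500 | 198.51.100.10 | EXAMPLE-NET-A - Example Network A
64500 | 198.51.100.77 | EXAMPLE-NET-A - Example Network A
64501 | 203.0.113.5 | EXAMPLE-EDU - Example University of
Technology
64502 | 203.0.113.91 | EXAMPLE-ISP-B Example ISP B
64503 | 203.0.113.91 | EXAMPLE-ISP-C Example ISP C
"""


def parse_bulk_whois(text):
    """Return (asn, ip, as_name) tuples; asn is None where the output says NA."""
    rows = []
    last = None  # most recent valid row, so a wrapped AS name can be rejoined
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Bulk mode;"):
            continue  # blank line or the bulk-mode banner
        parts = [p.strip() for p in line.split("|", 2)]
        if len(parts) == 3:
            asn_s, ip_s, name = parts
            last = None
            try:
                ip = str(ipaddress.ip_address(ip_s))
            except ValueError:
                continue  # malformed address: drop the row
            if asn_s == "NA":
                asn = None
            elif asn_s.isdigit():
                asn = int(asn_s)
            else:
                continue  # unexpected ASN field: drop the row
            last = [asn, ip, name]
            rows.append(last)
        elif last is not None and "|" not in line:
            # Continuation of an AS name that mail line-wrapping split in two.
            last[2] = last[2] + " " + line
    return [tuple(r) for r in rows]


def summarize(rows):
    """Group sources by origin AS for notification triage."""
    ips_by_asn = defaultdict(set)
    names = {}
    origins_by_ip = defaultdict(set)
    no_origin = set()
    for asn, ip, name in rows:
        if asn is None:
            # NA: no origin AS was found for the address, so there is no
            # network to notify for it.
            no_origin.add(ip)
            continue
        ips_by_asn[asn].add(ip)
        names[asn] = name
        origins_by_ip[ip].add(asn)
    ranked = sorted(
        ((asn, names[asn], len(ips)) for asn, ips in ips_by_asn.items()),
        key=lambda r: (-r[2], r[0]),
    )
    multi_origin = {
        ip: sorted(asns) for ip, asns in origins_by_ip.items() if len(asns) > 1
    }
    return {
        "ranked": ranked,              # (asn, as_name, distinct source count)
        "no_origin": sorted(no_origin),
        "multi_origin": multi_origin,  # same IP listed under several ASNs
    }


if __name__ == "__main__":
    report = summarize(parse_bulk_whois(SAMPLE))
    for asn, name, count in report["ranked"]:
        print(f"AS{asn:<6} {count:>3}  {name}")
    print("no origin AS:", report["no_origin"])
    print("multiple origins:", report["multi_origin"])
```

Addresses in `multi_origin` would otherwise be counted once per ASN and inflate the per-network totals, so they are worth reporting to each listed network only once the flow data confirms the path.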