[nsp-sec] DDoS targetting AS 38887
Zane Jarvis
zane at auscert.org.au
Mon Aug 10 03:32:49 EDT 2009
Hi all,
An Australian NSP is undergoing a UDP DDoS attack currently. It is likely
that the sources are spoofed but if you could check for flows to this that
would be appreciated. Attached is the list of sources recorded by their
logs.
Target:
AS | IP | AS Name
38887 | 202.45.155.46 | INTICON-AS-AP Inticon AS. Wholesale service
provider. Australia
Source ASNs:
15493 | RUSCOMP-AS Autonomous System for JSC _Russian Company_ network
19235 | HOSTING-COM - WCP/32POINTS INTERMEDIATE HOLDING COMPANY, INC.
26277 | PREMIANET - A+Hosting, Inc.
3340 | GTS-DATANET-AS DataNet Telecommunication Ltd.
33991 | JSCSKALA-AS JSC Skala Autonomous System
8972 | PLUSSERVER-AS PlusServer AG, Germany
9931 | CAT-AP The Communication Authoity of Thailand, CAT
Also, as always, it would be appreciated if you can get malware or tell us
the C&C if you have these details.
Kind regards,
Zane.
---
Zane Jarvis, Computer Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
More information about the nsp-security
mailing list