[nsp-sec] DDoS targetting AS 38887
Zane Jarvis
zane at auscert.org.au
Mon Aug 10 09:07:07 EDT 2009
Hi all,
Whoops, attachment got stripped.
After some further analysis, it looks like the only source IPs are:
72.18.196.223
85.25.153.44
217.116.49.123
65.182.212.13
61.19.252.84
84.22.134.50
Here are log extracts for the above.
12:02:15.063503 IP 72.18.196.223 56227 > 202.45.155.46 7575: UDP, length 8192
12:02:15.228328 IP 85.25.153.44 37009 > 202.45.155.46 20625: UDP, length 8192
12:02:15.262590 IP 217.116.49.123 8201 > 202.45.155.46 60167: UDP, length 8192
12:02:16.457247 IP 65.182.212.13 37442 > 202.45.155.46 6277: UDP, length 8192
12:02:16.968588 IP 61.19.252.84 36462 > 202.45.155.46 33441: UDP, length 8192
12:02:25.037346 IP 84.22.134.50 4761 > 202.45.155.46 5183: UDP, length 8192
Any help will be appreciated.
Thanks
Zane.
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Zane Jarvis
> Sent: Monday, 10 August 2009 5:33 PM
> To: nsp-sec
> Subject: [nsp-sec] DDoS targetting AS 38887
>
> ----------- nsp-security Confidential --------