[nsp-sec] DDoS to the Presidential web site of Uruguay
Nicholas Ianelli
ni at cert.org
Fri Feb 6 11:50:10 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team,
Santiago from CERTuy just reached out to us due to a DDoS on the
Presidential web site of Uruguay:
www.presidencia.gub.uy
They are looking for any assistance that can be provided (read:
mitigation of said attack).
Any assistance you can provide in stopping this attack and locating and
terminating the C2 host would be greatly appreciated.
I'm in the process of clarifying the type of attack occurring, but
Santiago provided a list of 261 hosts (heavy hitters) that are attacking
them now. You can find the data at the following URL or below.
https://asn.cymru.com/nsp-sec/upload/1233938486.whois.txt
Thanks!
Nick
Bulk mode; whois.cymru.com [2009-02-06 16:41:26 +0000]
209 | 71.210.189.217 | ASN-QWEST - Qwest Communications Corporation
577 | 76.66.25.129 | BACOM - Bell Canada
719 | 88.112.49.40 | ELISA-AS Elisa Oyj
1241 | 77.49.149.10 | FORTHNET-GR FORTHnet
1241 | 77.49.173.212 | FORTHNET-GR FORTHnet
1257 | 213.101.228.123 | TELE2
2119 | 78.82.225.67 | TELENOR-NEXTEL T.net
2609 | 41.226.136.48 | TN-BB-AS Tunisia BackBone AS
2609 | 41.226.92.254 | TN-BB-AS Tunisia BackBone AS
2856 | 86.131.95.172 | BT-UK-AS BTnet UK Regional network
2856 | 86.170.250.254 | BT-UK-AS BTnet UK Regional network
3215 | 81.48.140.129 | AS3215 France Telecom - Orange
3215 | 81.50.148.31 | AS3215 France Telecom - Orange
3215 | 90.3.224.245 | AS3215 France Telecom - Orange
3215 | 90.37.20.41 | AS3215 France Telecom - Orange
3215 | 90.5.232.152 | AS3215 France Telecom - Orange
3215 | 92.138.28.138 | AS3215 France Telecom - Orange
3243 | 85.244.173.70 | TELEPAC PT.Com - Comunicacoes Interactivas,
S.A.
3249 | 217.159.182.67 | ESTPAK Elion Enterprises Ltd.
3249 | 84.50.64.9 | ESTPAK Elion Enterprises Ltd.
3269 | 79.11.1.181 | ASN-IBSNAZ TELECOM ITALIA
3269 | 79.14.140.28 | ASN-IBSNAZ TELECOM ITALIA
3269 | 79.52.96.248 | ASN-IBSNAZ TELECOM ITALIA
3269 | 82.48.161.204 | ASN-IBSNAZ TELECOM ITALIA
3269 | 82.51.52.14 | ASN-IBSNAZ TELECOM ITALIA
3269 | 87.16.159.214 | ASN-IBSNAZ TELECOM ITALIA
3269 | 87.3.68.108 | ASN-IBSNAZ TELECOM ITALIA
3269 | 87.6.128.111 | ASN-IBSNAZ TELECOM ITALIA
3301 | 62.20.235.106 | TELIANET-SWEDEN TeliaNet Sweden
3301 | 90.224.33.132 | TELIANET-SWEDEN TeliaNet Sweden
3320 | 84.135.213.13 | DTAG Deutsche Telekom AG
3320 | 84.135.231.240 | DTAG Deutsche Telekom AG
3320 | 87.185.228.217 | DTAG Deutsche Telekom AG
3320 | 91.50.112.243 | DTAG Deutsche Telekom AG
3340 | 195.56.208.83 | GTS-DATANET-AS DataNet Telecommunication Ltd.
3352 | 80.31.247.220 | TELEFONICA-DATA-ESPANA Internet Access
Network of TDE
3352 | 80.34.217.246 | TELEFONICA-DATA-ESPANA Internet Access
Network of TDE
3352 | 83.57.144.187 | TELEFONICA-DATA-ESPANA Internet Access
Network of TDE
3352 | 83.63.253.50 | TELEFONICA-DATA-ESPANA Internet Access
Network of TDE
3352 | 88.7.235.17 | TELEFONICA-DATA-ESPANA Internet Access
Network of TDE
3352 | 88.9.92.194 | TELEFONICA-DATA-ESPANA Internet Access
Network of TDE
4713 | 220.99.160.206 |
4788 | 118.101.112.24 | TMNET-AS-AP TM Net, Internet Service Provider
5390 | 85.144.12.87 | EURONET Orange Nederland B.V. Global AS
5391 | 78.0.131.203 | T-HT T-Com Croatia Internet network
5391 | 78.2.74.70 | T-HT T-Com Croatia Internet network
5391 | 78.3.113.25 | T-HT T-Com Croatia Internet network
5391 | 78.3.72.139 | T-HT T-Com Croatia Internet network
5391 | 89.172.214.1 | T-HT T-Com Croatia Internet network
5391 | 89.172.25.175 | T-HT T-Com Croatia Internet network
5432 | 81.247.123.242 | BELGACOM-SKYNET-AS Belgacom regional ASN
5483 | 84.0.180.95 | HTC-AS Hungarian Telecom
5603 | 89.143.180.220 | SIOL-NET Telekom Slovenije d.d.
5603 | 95.176.154.179 | SIOL-NET Telekom Slovenije d.d.
5610 | 90.177.184.219 | TO2-CZECH-REPUBLIC Telefonica O2, Czech
Republic
5610 | 90.178.152.115 | TO2-CZECH-REPUBLIC Telefonica O2, Czech
Republic
5610 | 90.178.98.155 | TO2-CZECH-REPUBLIC Telefonica O2, Czech
Republic
5617 | 80.50.126.46 | TPNET Polish Telecom_s commercial IP network
5617 | 83.18.228.125 | TPNET Polish Telecom_s commercial IP network
5713 | 165.145.145.142 | SAIX-NET
6057 | 190.0.142.35 | Administracion Nacional de Telecomunicaciones
6057 | 190.134.13.82 | Administracion Nacional de Telecomunicaciones
6057 | 190.134.144.125 | Administracion Nacional de Telecomunicaciones
6057 | 190.134.166.179 | Administracion Nacional de Telecomunicaciones
6057 | 190.134.30.42 | Administracion Nacional de Telecomunicaciones
6057 | 190.135.157.4 | Administracion Nacional de Telecomunicaciones
6057 | 190.135.25.13 | Administracion Nacional de Telecomunicaciones
6057 | 190.135.3.138 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.10.226 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.137.193 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.181.226 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.190.210 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.208.122 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.208.2 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.216.162 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.62.190 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.96.180 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.97.137 | Administracion Nacional de Telecomunicaciones
6057 | 200.40.97.65 | Administracion Nacional de Telecomunicaciones
6746 | 78.97.38.164 | ASTRAL ASTRAL Telecom SA, Romania
6746 | 85.186.115.220 | ASTRAL ASTRAL Telecom SA, Romania
6746 | 85.186.222.81 | ASTRAL ASTRAL Telecom SA, Romania
6746 | 89.137.102.97 | ASTRAL ASTRAL Telecom SA, Romania
6746 | 89.137.225.226 | ASTRAL ASTRAL Telecom SA, Romania
6746 | 89.137.247.168 | ASTRAL ASTRAL Telecom SA, Romania
6799 | 94.68.138.111 | OTENET-GR OTEnet S.A. Multiprotocol
Backbone & ISP
6821 | 62.162.107.218 | MT-AS-OWN AS number of MT
6830 | 62.24.95.89 | UPC UPC Broadband
6830 | 80.98.233.134 | UPC UPC Broadband
6830 | 80.99.213.46 | UPC UPC Broadband
6830 | 89.102.115.129 | UPC UPC Broadband
6830 | 89.103.233.236 | UPC UPC Broadband
6830 | 89.103.7.249 | UPC UPC Broadband
6830 | 89.132.47.5 | UPC UPC Broadband
6830 | 89.133.103.87 | UPC UPC Broadband
6830 | 89.134.106.108 | UPC UPC Broadband
6830 | 89.135.115.77 | UPC UPC Broadband
6830 | 89.173.15.37 | UPC UPC Broadband
6855 | 78.99.128.105 | SK SLOVAK TELECOM, AS6855
6855 | 84.47.70.33 | SK SLOVAK TELECOM, AS6855
6866 | 213.7.130.190 | CYTA-NETWORK Cyprus Telecommunications
Authority
7132 | 71.133.241.206 | SBIS-AS - AT&T Internet Services
7738 | 189.71.83.154 | Telecomunicacoes da Bahia S.A.
7738 | 189.81.82.117 | Telecomunicacoes da Bahia S.A.
7738 | 201.29.87.96 | Telecomunicacoes da Bahia S.A.
8167 | 200.103.197.183 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 201.67.36.194 | TELESC - Telecomunicacoes de Santa Catarina SA
8228 | 88.140.146.112 | CEGETEL-AS CEGETEL ENTREPRISES
8400 | 79.101.226.125 | TELEKOM-AS _TELEKOM SRBIJA_ a.d.
8400 | 93.86.166.150 | TELEKOM-AS _TELEKOM SRBIJA_ a.d.
8447 | 88.116.247.234 | TELEKOM-AT Telekom Austria AutonomousSystem
8447 | 88.117.50.65 | TELEKOM-AT Telekom Austria AutonomousSystem
8448 | 84.224.27.38 | PGSM-HU Pannon GSM Telecommunications Inc.
8452 | 41.233.189.176 | TEDATA TEDATA
8551 | 79.181.144.92 | BEZEQ-INTERNATIONAL-AS Bezeqint Internet
Backbone
8591 | 90.157.129.214 | AMIS Amis
8612 | 84.222.25.149 | TISCALI-IT Tiscali Italia SpA.
8696 | 62.77.230.130 | INVITEL INVITEL Telecommunications
8708 | 62.231.71.134 | RDSNET RCS & RDS S.A.
8708 | 62.231.71.176 | RDSNET RCS & RDS S.A.
8708 | 62.231.71.190 | RDSNET RCS & RDS S.A.
8708 | 79.112.10.7 | RDSNET RCS & RDS S.A.
8708 | 79.112.107.38 | RDSNET RCS & RDS S.A.
8708 | 79.113.146.222 | RDSNET RCS & RDS S.A.
8708 | 79.113.68.3 | RDSNET RCS & RDS S.A.
8708 | 79.113.8.197 | RDSNET RCS & RDS S.A.
8708 | 79.114.4.190 | RDSNET RCS & RDS S.A.
8708 | 79.116.222.64 | RDSNET RCS & RDS S.A.
8708 | 79.116.90.197 | RDSNET RCS & RDS S.A.
8708 | 79.117.155.84 | RDSNET RCS & RDS S.A.
8708 | 79.117.163.144 | RDSNET RCS & RDS S.A.
8708 | 79.117.69.187 | RDSNET RCS & RDS S.A.
8708 | 79.118.224.100 | RDSNET RCS & RDS S.A.
8708 | 79.118.24.42 | RDSNET RCS & RDS S.A.
8708 | 81.196.170.244 | RDSNET RCS & RDS S.A.
8708 | 81.196.69.22 | RDSNET RCS & RDS S.A.
8708 | 84.232.128.143 | RDSNET RCS & RDS S.A.
8708 | 86.121.160.67 | RDSNET RCS & RDS S.A.
8708 | 86.122.233.11 | RDSNET RCS & RDS S.A.
8708 | 86.122.67.53 | RDSNET RCS & RDS S.A.
8708 | 86.126.237.31 | RDSNET RCS & RDS S.A.
8764 | 213.190.34.30 | TEOLTAB TEO LT AB Autonomous System
8764 | 78.60.225.206 | TEOLTAB TEO LT AB Autonomous System
8764 | 78.60.41.212 | TEOLTAB TEO LT AB Autonomous System
8764 | 78.60.47.98 | TEOLTAB TEO LT AB Autonomous System
8866 | 87.126.162.40 | BTC-AS Bulgarian Telecommunication Company Plc.
8866 | 95.42.191.215 | BTC-AS Bulgarian Telecommunication Company Plc.
9050 | 89.120.243.67 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 89.123.137.222 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 89.123.166.234 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 89.123.166.67 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 89.123.29.142 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 89.123.86.223 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.80.180.152 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.81.207.222 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.81.236.164 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.81.61.233 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.82.14.51 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.82.56.238 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.84.103.105 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.84.114.115 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.84.152.201 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.84.236.167 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.84.48.147 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.85.7.174 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.85.98.237 | RTD RTD-ROMTELECOM Autonomous System Number
9121 | 78.161.118.53 | TTNET TTnet Autonomous System
9121 | 81.214.92.37 | TTNET TTnet Autonomous System
9121 | 85.96.139.109 | TTNET TTnet Autonomous System
9121 | 88.232.196.89 | TTNET TTnet Autonomous System
9121 | 88.241.198.201 | TTNET TTnet Autonomous System
9143 | 94.209.40.44 | ZIGGO Ziggo - tv, internet, telefoon
9143 | 94.210.146.16 | ZIGGO Ziggo - tv, internet, telefoon
9146 | 89.146.165.238 | BIHNET BIHNET Autonomus System
9299 | 119.94.34.119 | IPG-AS-AP Philippine Long Distance
Telephone Company
9299 | 122.54.242.214 | IPG-AS-AP Philippine Long Distance
Telephone Company
9299 | 124.104.114.198 | IPG-AS-AP Philippine Long Distance
Telephone Company
9318 | 221.138.95.88 | HANARO-AS Hanaro Telecom Inc.
9556 | 114.30.104.28 | ADAM-AS-AP Adam Internet Pty Ltd
9689 | 115.161.1.49 | FCABLE-AS Qrix, Inc.
9737 | 118.172.210.249 | TOTNET-TH-AS-AP TOT Public Company Limited
9737 | 118.172.213.72 | TOTNET-TH-AS-AP TOT Public Company Limited
9829 | 59.93.121.146 | BSNL-NIB National Internet Backbone
9829 | 59.93.221.6 | BSNL-NIB National Internet Backbone
10030 | 203.82.91.34 | CELCOMNET-AP Celcom Internet Service Provider
10139 | 121.1.55.54 | SMARTBRO-PH-AP Smart Broadband, Inc.
10143 | 220.233.42.146 | EXETEL-AS-AP Exetel Pty Ltd
11426 | 24.211.177.221 | SCRR-11426 - Road Runner HoldCo LLC
11427 | 68.201.75.15 | SCRR-11427 - Road Runner HoldCo LLC
12322 | 78.229.224.207 | PROXAD AS for Proxad/Free ISP
12322 | 82.227.29.143 | PROXAD AS for Proxad/Free ISP
12322 | 88.178.37.30 | PROXAD AS for Proxad/Free ISP
12338 | 83.213.47.153 | EUSKALTEL Euskaltel Autonomous System
12353 | 77.54.205.123 | VODAFONE-PT Vodafone Portugal
12392 | 78.129.82.231 | ASBRUTELE AS Object for Brutele SC
12542 | 81.84.34.182 | TVCABO Autonomous System
12594 | 80.85.53.52 | EXTERNET-AS EXTERNET Autonomus System
12715 | 87.217.77.132 | JAZZNET Jazz Telecom S.A.
12876 | 91.172.153.215 | AS12876 Telecom Italia France
12978 | 94.123.193.117 | DOGAN-ONLINE Dogan Iletisim Elektronik
Servis Hizmetleri AS
13156 | 217.129.1.204 | AS13156 Cabovisao,SA
13184 | 85.176.162.144 | HANSENET HanseNet Telekommunikation GmbH
13343 | 97.100.234.60 | SCRR-13343 - Road Runner HoldCo LLC
14778 | 72.30.142.247 | INKTOMI-LAWSON - Inktomi Corporation
15169 | 66.249.71.208 | GOOGLE - Google Inc.
15169 | 66.249.71.209 | GOOGLE - Google Inc.
15169 | 66.249.71.210 | GOOGLE - Google Inc.
15467 | 62.68.176.44 | ENTERNET-LIBERCOM-AS Enternet 2001 Ltd.,
Hungary
15527 | 85.157.154.234 | VLP-VLT Autonomous System
15557 | 77.194.19.211 | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
15557 | 79.81.40.56 | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
15557 | 79.83.9.110 | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
15557 | 86.74.19.205 | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
15557 | 86.74.232.238 | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
15557 | 93.1.3.2 | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
15557 | 93.1.3.93 | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
15614 | 213.168.181.2 | DRAGON Dragon Internet a.s.
15659 | 84.48.204.17 | NEXTGENTEL NEXTGENTEL Autonomous System
15808 | 41.206.62.70 | Communication Solutions Ltd is an ISP serving
15858 | 77.81.124.225 | RIVULUS-AS Planet Rivulus SRL
16246 | 82.150.166.16 | CLNET CLNet s.r.o. Internet Service
Provider Czech Republic
17813 | 59.178.52.156 | MTNL-AP Mahanagar Telephone Nigam Ltd.
17908 | 59.164.2.236 | TCISL Tata Communications
19090 | 201.74.157.53 | Canbras Net Ltda.
20115 | 66.227.237.95 | CHARTER-NET-HKY-NC - Charter Communications
20255 | 200.108.211.110 | Tecnowind S.A.
20579 | 84.245.71.11 | NETLABPLUS Netlab plus, spol. s r. o.
20771 | 95.104.34.42 | CAUCASUS-CABLE-SYSTEM CCS Autonomous System
20960 | 82.160.49.35 | TKTELEKOM-AS Telekomunikacja Kolejowa is an
ISP operating in Poland
22689 | 187.0.87.114 | Internet By Sercomtel Ltda
23700 | 118.136.166.146 | BM-AS-ID PT. Broadband Multimedia, Tbk
24560 | 122.167.78.20 | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd.,
Telemedia Services
25003 | 91.143.230.93 | QOS QoS - Value Added Communications 2000 Ltd
25144 | 94.250.84.66 | TELEKOM-SRPSKE-AS Telekom Srpske
25512 | 81.19.35.178 | CDT-AS CD-Telematika a.s.
27699 | 189.18.110.41 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 201.92.83.57 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
29113 | 213.192.2.142 | SLOANE-AS Sloane Park Property Trust, a.s.
Autonomous System
29113 | 213.192.27.82 | SLOANE-AS Sloane Park Property Trust, a.s.
Autonomous System
29113 | 213.192.8.69 | SLOANE-AS Sloane Park Property Trust, a.s.
Autonomous System
29208 | 89.235.19.186 | DIALTELECOM-AS Dial Telecom, a.s.
29314 | 88.156.96.17 | VECTRANET-AS Vectra Technologie S.A.
Autonomous System
29405 | 217.73.16.126 | VNET-AS VNET ISP Bratislava, Slovakia, SK
29518 | 83.233.71.92 | SKYNET-AS Skycom Sweden
29518 | 94.255.134.206 | SKYNET-AS Skycom Sweden
30890 | 89.47.96.190 | EVOLVA Evolva Telecom
31102 | 89.46.137.214 | AT-AS SC ADLER TRADING SRL
31282 | 89.21.101.59 | ATNR Atlas Telecom Network Romania
33922 | 88.216.102.72 | NTT-LT-AS NTT Data and VoIP services
34226 | 89.147.117.108 | RUBICOM-HU-AS RubiCom Ltd.
35002 | 89.35.139.245 | NEWCOM-ASN New Com Telecomunicatii SA
35002 | 92.114.2.231 | NEWCOM-ASN New Com Telecomunicatii SA
35820 | 89.32.49.240 | TELESAT-AS SC Telesat SRL
38322 | 120.140.14.219 | P1NETWORKS-MY-AP Packet One Networks Sdn
Bhd, Internet Services Provider
38944 | 87.99.57.195 | LANET-AS LANet sp. z o.o.
39354 | 88.222.128.234 | DOKEDA megaNET network
41272 | 80.185.94.136 | MOSELLE-TELECOM-AS MOSELLE TELECOM
41749 | 89.39.164.236 | NETCOMPUTERS-AS SC Net & Computers SRL
43447 | 79.163.173.233 | PTK-CENTERTEL-DSL-AS PTK Centertel Sp. z o.o.
47345 | 85.122.135.19 | RTS-TELECOM-AS SC RTS Telecom SRL
48168 | 91.209.47.100 | BANK-OF-CYPRUS-AS BANK OF CYPRUS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAkmMakIACgkQi10dJIBjZIBEuwCgnOqgEYG+MG5tHYYngo/3ayju
NdAAnRk19Aw1Ebz9hbJXgno0X/gAndnE
=r473
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list