[nsp-sec] AS 42005, specifically 92.240.237.85

Jose Nazario jose at arbor.net
Thu Jan 15 13:35:26 EST 2009


On Thu, 15 Jan 2009, Daniel Schwalbe wrote:

> Does anybody have any intelligence on AS 42005, specifically 
> 92.240.237.85, that they would be willing to share with me? (I mean 
> beyond what I can find out from Google, SANS, DShield etc)

target of ddos activity in october:

C&C	C&C Port	Command	Timestamp
cxim.inattack.ru (203.117.111.52)	80	10;2000;10;1;0;30;100;3;20;1000;2000#flood syn and6.ch#5#	2008-10-24 14:12:59
cxim.inattack.ru (203.117.111.52)	80	10;2000;10;1;0;30;100;3;20;1000;2000#flood syn and6.ch#5#	2008-10-24 15:13:43

must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-15 16:02:47
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-15 17:02:49
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-15 18:02:47
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-15 19:02:39
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-15 20:02:35
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-15 21:02:44
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-15 22:02:40
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-15 23:02:53
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 00:02:43
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 01:02:49
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 02:03:06
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 03:02:58
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 04:03:08
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 05:03:01
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 06:03:21
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 07:02:59
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 08:02:55
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 09:03:55
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 10:03:23
must-a-be.com (74.220.207.118)	80	1 http://and6.ch/index2.php?kanton_id=1 80	2008-10-16 11:03:10

that's all i have at present.

-------------------------------------------------------------
jose nazario, ph.d.     	<jose at arbor.net>
manager of security research 	arbor networks
v: (734) 821 1427 	      	http://asert.arbor.net/


