[nsp-sec] Peek at flows
Stephen Gill
gillsr at cymru.com
Thu Jan 29 17:56:39 EST 2009
Hi Team,
Would you mind taking a peek at your packets and/or flows if any of these
happen to be yours? Novirusthanks.org believes they are being attached with
a mix of UDP / icmp fragments and here is the list of Ips I have from today:
Target: scanner.novirusthanks.org
(dynamic IP, so it is changing as they reset the router due to the DOS)
Timestamp: ongoing
Attacking Ips:
684 | 205.200.19.163 | MTSAL-ASN - MTS Allstream Inc.
3269 | 88.58.114.74 | ASN-IBSNAZ TELECOM ITALIA
3786 | 118.130.16.135 | LGDACOM LG DACOM Corporation
3786 | 211.60.210.253 | LGDACOM LG DACOM Corporation
4665 | 165.132.37.192 | YONSEI-AS-KR Yonsei University
4760 | 119.236.111.112 | HKTIMS-AP PCCW Limited
4766 | 115.23.5.4 | KIXS-AS-KR Korea Telecom
4766 | 119.207.152.248 | KIXS-AS-KR Korea Telecom
4766 | 121.134.140.130 | KIXS-AS-KR Korea Telecom
4766 | 121.171.96.2 | KIXS-AS-KR Korea Telecom
4766 | 121.190.74.201 | KIXS-AS-KR Korea Telecom
4766 | 124.198.116.65 | KIXS-AS-KR Korea Telecom
4766 | 125.142.156.129 | KIXS-AS-KR Korea Telecom
4766 | 211.48.51.74 | KIXS-AS-KR Korea Telecom
4766 | 222.119.129.74 | KIXS-AS-KR Korea Telecom
4766 | 59.10.12.110 | KIXS-AS-KR Korea Telecom
4766 | 59.5.4.16 | KIXS-AS-KR Korea Telecom
4766 | 61.75.28.18 | KIXS-AS-KR Korea Telecom
4766 | 61.78.108.65 | KIXS-AS-KR Korea Telecom
4766 | 61.78.113.31 | KIXS-AS-KR Korea Telecom
5384 | 86.98.1.202 | EMIRATES-INTERNET Emirates Internet
6395 | 65.89.97.157 | LVLT-6395 - Level 3 Communications, Inc.
6539 | 142.200.32.10 | GT-BELL - Bell Canada
7018 | 12.43.124.219 | ATT-INTERNET4 - AT&T WorldNet Services
7132 | 66.139.106.20 | SBIS-AS - AT&T Internet Services
7557 | 203.242.149.136 | KTNET-AS Korea Trade Network
9050 | 89.122.141.18 | RTD RTD-ROMTELECOM Autonomous System Number
9299 | 119.92.30.145 | IPG-AS-AP Philippine Long Distance Telephone
Company
9317 | 165.246.204.254 | ITISNET-AS Inha University
9318 | 211.178.136.16 | HANARO-AS Hanaro Telecom Inc.
9318 | 211.208.28.231 | HANARO-AS Hanaro Telecom Inc.
9318 | 218.50.89.56 | HANARO-AS Hanaro Telecom Inc.
9318 | 221.140.31.158 | HANARO-AS Hanaro Telecom Inc.
9318 | 58.225.25.26 | HANARO-AS Hanaro Telecom Inc.
9457 | 211.111.60.156 | DREAMX-AS DREAMLINE CO.
9572 | 203.232.238.129 | HUFSNET-AS Hankuk University of Foreign Studies
Computer Center
12271 | 208.120.96.236 | SCRR-12271 - Road Runner HoldCo LLC
12322 | 88.186.182.4 | PROXAD AS for Proxad/Free ISP
13946 | 208.108.176.120 | ETECHOHIO - eTech Ohio
17184 | 74.7.240.101 | ATL-CBEYOND - CBEYOND COMMUNICATIONS, LLC
17858 | 119.70.132.69 | KRNIC-ASBLOCK-AP KRNIC
17858 | 124.50.113.135 | KRNIC-ASBLOCK-AP KRNIC
17858 | 125.176.4.202 | KRNIC-ASBLOCK-AP KRNIC
17974 | 203.130.194.108 | TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
18302 | 124.139.225.119 | SKG_NW-AS-KR SK Global co., Ltd
19262 | 71.119.127.128 | VZGNI-TRANSIT - Verizon Internet Services Inc.
20124 | 72.25.0.35 | DE-TELECOMM - D&E Communications
22773 | 24.251.49.5 | ASN-CXA-ALL-CCI-22773-RDC - Cox Communications
Inc.
22773 | 68.228.59.135 | ASN-CXA-ALL-CCI-22773-RDC - Cox Communications
Inc.
22773 | 68.3.137.124 | ASN-CXA-ALL-CCI-22773-RDC - Cox Communications
Inc.
22773 | 68.5.186.102 | ASN-CXA-ALL-CCI-22773-RDC - Cox Communications
Inc.
22773 | 70.183.193.59 | ASN-CXA-ALL-CCI-22773-RDC - Cox Communications
Inc.
29194 | 217.66.24.5 | ASN-TVT TeleRadioCompany TVT
33491 | 24.14.147.88 | DNEO-OSP7 - Comcast Cable Communications, Inc.
Thanks!
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
More information about the nsp-security
mailing list