[nsp-sec] DNS attack on 213.94.190.236/213.94.190.194 (AS5466)
Aidan Carty
aidan.carty at heanet.ie
Thu Jul 9 06:28:31 EDT 2009
Hi All
One of the largest ISPs in Ireland, Eircom (AS5466), suffered what they
believed to be a DNS poisoning attack;
it affected a large number of their broadband users.
http://news.softpedia.com/news/Possible-DNS-Hack-at-Ireland-039-s-Largest-ISP-115860.shtml
Eircom are not on NSP-SEC, but they have been reaching out to local ISP
security contacts to try and get a handle on this.
Most of the instances of the attack seem to be coming from the below
addresses.
200.222.0.35/24 - ns4.telemar.net.br
200.202.193.74/24 - ns2.telemar.net.br
This would have occurred on the 6th and 7th this week. Generally from
21:00 GMT onward for about a 3hr window.
The IP addresses of the affected DNS servers were 213.94.190.236 and
213.94.190.194.
So...
- Has anybody seen something similar from these addresses, or have further
insight into what's going on?
- Anybody seen unusual DNS traffic to 213.94.190.236 and 213.94.190.194?
Comments on or off-list would be welcome.
regards Aidan
--
Aidan Carty, MNS - Security
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1, Ireland.
Registered in Ireland, no 275301 tel: +353-1-660 9040 fax: +353-1-660 3666
web: http://www.heanet.ie/security/
PGP Key ID: 0x639E7609