[nsp-sec] UDP based DDoS Attack
Nicholas Ianelli
ni at centergate.net
Tue Jul 14 17:23:55 EDT 2009
Team,
UDP based DDoS attack (attempting to resolve a particular domain name)
from 278460 unique sources - all of which hit only our west coast locations.
The attack was very short lived and ended up hitting the following hosts:
udns2.ultradns.net - 204.74.101.1
udns1.ultradns.net - 204.69.234.1
Timestamps for the data ranges between:
Start: 12:52:03.333643 GMT/UTC
End: 12:56:05.476605000 GMT/UTC
All the IPs can be located at the following URL (*Note: the file is 21MB):
https://asn.cymru.com/nsp-sec/upload/1247591313.whois.txt
The vast majority (> 90%) appear to be based in China. I'll work a bit
more on the data, as the sources may be spoofed; the IP selection seems
a bit odd to me, though.
AS' involved:
Nick
--
Nicholas Ianelli: NeuStar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz