[nsp-sec] udp/53 floods from AS20773, c&c?

Felix Schueren felix.schueren at hosteurope.de
Wed Jul 15 03:50:45 EDT 2009


Dear colleagues,

We've seen a rise in udp/53 floods during the last weeks - I currently
see smallish ongoing floods (~50k pps) starting ~08:00 CEST to victims
  211.157.128.33 (AS4808)
  74.208.2.9 (AS8560 - ns57.1and1.com)

from these 4 zombies
87.230.34.86
87.230.8.195
87.230.11.223
87.230.78.177

I can see long-living tcp connections from these zombies to 217.79.190.39:81
~ > telnet my.gambu.de 81
Trying 217.79.190.39...
Connected to my.gambu.de.
Escape character is '^]'.
get /
:irc.foonet.com 451 get :You have not registered
quit

Any data on this? Would it be interesting enough to try & capture some
traffic/logfiles?

Kind regards,

Felix

-- 
Felix Schüren
Head of Network

-----------------------------------------------------------------------
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telephone: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - VAT ID: DE187370678
Managing Directors:
Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller

(*) 0.14 EUR/min from German landlines; mobile rates may differ
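
Added example, not part of the original post: a Python sketch of the correlation described above, finding hosts that emit high-rate udp/53 traffic and also hold long-lived TCP sessions to a common endpoint, plus a check for the IRC numeric reply seen in the telnet session. The flow-record layout, the thresholds and the sample addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed flow records (documentation addresses, not taken from the post):
# (src, dst, proto, dst_port, packets, duration_seconds)
FLOWS = [
    ("192.0.2.10", "198.51.100.53", "udp", 53, 780_000, 60),
    ("192.0.2.11", "198.51.100.53", "udp", 53, 690_000, 60),
    ("192.0.2.12", "198.51.100.53", "udp", 53, 1_200, 60),    # ordinary lookup volume
    ("192.0.2.10", "203.0.113.7", "tcp", 81, 4_100, 86_000),
    ("192.0.2.11", "203.0.113.7", "tcp", 81, 3_900, 79_000),
    ("192.0.2.12", "203.0.113.7", "tcp", 81, 40, 12),         # short-lived, not a flooder
    ("192.0.2.10", "203.0.113.80", "tcp", 443, 900, 30),
]

# IRC server replies look like ":<server> <3-digit numeric> <param> :<text>".
# 451 is ERR_NOTREGISTERED, sent to a client that has not registered yet.
IRC_NUMERIC = re.compile(r"^:(\S+) (\d{3}) \S+ :")

def irc_numeric(line):
    """Return the numeric of an IRC server reply, or None if the line is not one."""
    m = IRC_NUMERIC.match(line.strip())
    return int(m.group(2)) if m else None

def flooders(flows, min_pps=5_000):
    """Sources whose udp/53 packet rate in a single flow reaches min_pps."""
    return {src for src, _dst, proto, dport, pkts, dur in flows
            if proto == "udp" and dport == 53 and dur > 0 and pkts / dur >= min_pps}

def shared_long_lived_peers(flows, sources, min_duration=3_600, min_hosts=2):
    """TCP endpoints that at least min_hosts of the given sources keep open for a long time."""
    peers = defaultdict(set)
    for src, dst, proto, dport, _pkts, dur in flows:
        if src in sources and proto == "tcp" and dur >= min_duration:
            peers[(dst, dport)].add(src)
    return {ep: sorted(hosts) for ep, hosts in peers.items() if len(hosts) >= min_hosts}

if __name__ == "__main__":
    suspects = flooders(FLOWS)
    for (ip, port), hosts in shared_long_lived_peers(FLOWS, suspects).items():
        print(f"candidate controller {ip}:{port} <- {', '.join(hosts)}")
    print(irc_numeric(":irc.foonet.com 451 get :You have not registered"))
```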


