[nsp-sec] Got traffic?

John Fraizer john at op-sec.us
Thu Jul 16 11:28:43 EDT 2009


Summary: total flows: 149, total bytes: 18174, total packets: 153, avg
bps: 415, avg pps: 0, avg bpp: 118
Time window: 2009-07-16 15:11:27 - 2009-07-16 16:07:21

That is at 1:100 sample rate.


It's all UDP destined to port 53 on your end with a tiny bit of ICMP DST
UNREACH coming from address space on my network back towards your targets.
Leads me to believe that there might be some adjacent-block spoofing going
on.

John

On Thu, Jul 16, 2009 at 2:44 PM, Nicholas Ianelli <ni at centergate.net> wrote:

> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Are folks seeing lots of requests destined to any of these IP addresses
> (UDP based):
>
> 156.154.100.3
> 156.154.101.3
> 156.154.102.3
> 156.154.103.3
>
> Nick
> - --
> Nicholas Ianelli: NeuStar, Inc.
> Security Operations
>
> 46000 Center Oak Plaza Sterling, VA 20166
> +1 571.434.4691 - http://www.neustar.biz
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
>
> iEYEARECAAYFAkpfPOcACgkQi10dJIBjZIAeQACfXj9dbxamPUKmDdi1Sk7X06sm
> wh0AnA3XqzqsBUKzuf7LSFdBqEDodju1
> =+nxs
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>


