[nsp-sec] DOS attack against engineering.columbia.edu (128.59.48.55)
Joel Rosenblatt
joel at columbia.edu
Fri Jun 5 22:34:28 EDT 2009
Hi,
Here is a list of the worst IP offenders .. any help would be greatly appreciated.
Thanks,
Joel
--On Friday, June 05, 2009 9:49 PM -0400 Joel Rosenblatt <joel at columbia.edu> wrote:
> Hi,
>
> It appears that the web site engineering.columbia.edu was hacked and appeared to be selling Cialis, among other things. Someone must not like this because
> they are now DDOSing us. We have unhacked the site, but the DDOS is still going on. I guess that it's possible that the traffic is really all of the buyers
> being directed toward us through a fast-flux bot net - in any case, the servers we have that run the site are in real distress.
>
> I am trying to get a list of IPs sending us the packet love, but until then, if you see lots of traffic being directed to that address, it would be nice if
> it could be squelched.
>
> Any help would be greatly appreciated.
>
> Thanks in advance.
> Joel
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
>
Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel