[nsp-sec] AS39792 | 81.91.181.02/4 IN . NS? DDoS activity
Jose Nazario
jose at arbor.net
Sat Mar 28 17:24:08 EDT 2009
via SIE passive DNS analysis for IN . NS? queries, target IP and count in
a 15 min window. sort of low counts but teh aggregate is very interesting.
VICTIM 81.91.181.109 326
VICTIM 81.91.181.126 343
VICTIM 81.91.181.110 340
VICTIM 81.91.181.111 336
VICTIM 81.91.181.98 346
VICTIM 81.91.181.99 343
VICTIM 81.91.181.114 377
VICTIM 81.91.181.115 330
VICTIM 81.91.181.116 350
VICTIM 81.91.181.117 368
VICTIM 81.91.181.118 351
VICTIM 81.91.181.119 348
VICTIM 81.91.181.96 339
VICTIM 81.91.181.97 341
VICTIM 81.91.181.112 334
VICTIM 81.91.181.113 351
VICTIM 81.91.181.107 375
VICTIM 81.91.181.106 343
VICTIM 81.91.181.105 311
VICTIM 81.91.181.104 332
VICTIM 81.91.181.103 339
VICTIM 81.91.181.102 374
VICTIM 81.91.181.101 327
VICTIM 81.91.181.100 347
VICTIM 81.91.181.121 322
VICTIM 81.91.181.120 341
VICTIM 81.91.181.123 330
VICTIM 81.91.181.122 368
VICTIM 81.91.181.125 354
VICTIM 81.91.181.124 366
VICTIM 81.91.181.127 353
VICTIM 81.91.181.108 344
here's that victim net:
inetnum: 81.91.176.0 - 81.91.191.255
netname: RU-ANDERS-20060426
descr: Anders Business Group Ltd.
country: RU
org: ORG-ABGL1-RIPE
admin-c: abn4-ripe
tech-c: abn4-ripe
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: ru-anders-mnt
mnt-routes: ru-anders-mnt
source: RIPE # Filtered
more turf wars going on?
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbor.net/
More information about the nsp-security
mailing list