[nsp-sec] 62.73.178.42 getting some packet love
Darren Grabowski
drg at us.ntt.net
Wed May 6 16:53:25 EDT 2009
We have a customer that is getting hit; so far it appears to just be
random udp traffic. Looks something like this:
19:00:49.076464 IP (tos 0x0, ttl 48, id 21568, offset 0, flags [+], proto UDP (17), length 1500) 75.77.79.38.15465 > 62.73.178.42.32594: UDP, length 8192
19:00:49.076585 IP (tos 0x0, ttl 2, id 56233, offset 0, flags [+], proto UDP (17), length 1500) 209.115.42.145.58314 > 62.73.178.42.16116: UDP, length 8192
19:00:49.076654 IP (tos 0x0, ttl 11, id 56234, offset 7400, flags [none], proto UDP (17), length 820) 209.115.42.145 > 62.73.178.42: udp
19:00:49.076777 IP (tos 0x0, ttl 84, id 21619, offset 0, flags [+], proto UDP (17), length 1500) 75.77.79.38.15465 > 62.73.178.42.32594: UDP, length 8192
19:00:49.076900 IP (tos 0x0, ttl 2, id 56233, offset 5920, flags [+], proto UDP (17), length 1500) 209.115.42.145 > 62.73.178.42: udp
19:00:49.076969 IP (tos 0x0, ttl 2, id 56233, offset 7400, flags [none], proto UDP (17), length 820) 209.115.42.145 > 62.73.178.42: udp
Anyone seeing this and care to offer any additional info? Everything is
a blur and the coffee is not working. Thanks!
--
Darren Grabowski - Manager w: 214-915-1387
NTT America Security & Abuse Team c: 214-934-1788
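
Added example (not part of the original message): a short Python summary of the tcpdump -v lines quoted above, grouped by source address, reporting packets, IP bytes, TTL values seen and fragment state. The 20-byte IP header used to size the reassembled datagram is an assumption (no IP options).

```python
import re
from collections import defaultdict

# The six packets quoted in the message above, each re-joined onto one line.
CAPTURE = """\
19:00:49.076464 IP (tos 0x0, ttl 48, id 21568, offset 0, flags [+], proto UDP (17), length 1500) 75.77.79.38.15465 > 62.73.178.42.32594: UDP, length 8192
19:00:49.076585 IP (tos 0x0, ttl 2, id 56233, offset 0, flags [+], proto UDP (17), length 1500) 209.115.42.145.58314 > 62.73.178.42.16116: UDP, length 8192
19:00:49.076654 IP (tos 0x0, ttl 11, id 56234, offset 7400, flags [none], proto UDP (17), length 820) 209.115.42.145 > 62.73.178.42: udp
19:00:49.076777 IP (tos 0x0, ttl 84, id 21619, offset 0, flags [+], proto UDP (17), length 1500) 75.77.79.38.15465 > 62.73.178.42.32594: UDP, length 8192
19:00:49.076900 IP (tos 0x0, ttl 2, id 56233, offset 5920, flags [+], proto UDP (17), length 1500) 209.115.42.145 > 62.73.178.42: udp
19:00:49.076969 IP (tos 0x0, ttl 2, id 56233, offset 7400, flags [none], proto UDP (17), length 820) 209.115.42.145 > 62.73.178.42: udp
"""

PKT = re.compile(
    r"ttl (?P<ttl>\d+), id (?P<id>\d+), offset (?P<off>\d+), flags \[(?P<flags>[^\]]*)\], "
    r"proto UDP \(17\), length (?P<len>\d+)\) (?P<src>\d+(?:\.\d+){3})(?:\.\d+)? > "
)
IP_HEADER = 20  # assumption: no IP options on these packets


def summarize(capture):
    """Group tcpdump -v UDP lines by source: volume, TTLs seen, fragment state."""
    stats = defaultdict(lambda: {"packets": 0, "ip_bytes": 0, "ttls": set(),
                                 "fragments": 0, "reassembled": {}})
    for line in capture.splitlines():
        m = PKT.search(line)
        if m is None:
            continue  # not a verbose IPv4/UDP line
        ttl, ip_id, off, length = (int(m[k]) for k in ("ttl", "id", "off", "len"))
        more = "+" in m["flags"]          # tcpdump prints the MF bit as "+"
        s = stats[m["src"]]
        s["packets"] += 1
        s["ip_bytes"] += length
        s["ttls"].add(ttl)
        if more or off > 0:               # any piece of a fragmented datagram
            s["fragments"] += 1
        if off > 0 and not more:          # last fragment gives the datagram size
            s["reassembled"][ip_id] = off + length - IP_HEADER
    return dict(stats)


if __name__ == "__main__":
    for src, s in summarize(CAPTURE).items():
        print(src, s["packets"], "pkts", s["ip_bytes"], "bytes",
              "ttls", sorted(s["ttls"]), "frags", s["fragments"], s["reassembled"])
```

On these six lines every packet is a fragment, each source address shows more than one TTL, and the last fragments size the datagram at 8200 bytes (the 8192-byte UDP payload plus the 8-byte UDP header).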