[nsp-sec] Packet love to ns1.dyndns.org

Tom Daly tom at dyn-inc.com
Fri May 8 14:39:59 EDT 2009 

Hi Folks,
We've just received very large flood (>500Mbps) to ns1.dyndns.org UDP/53. Payloads are 1480-byte frames of garbage with the frag bit set. We've extracted the largest sources into the list below. Could folks have a look for a bot?

Thanks,
Tom

IPv4 Address,Packets,Bytes,Tx Packets,Tx Bytes,Rx Packets,Rx Bytes
61.39.151.60,2623,2910422,2623,2910422,0,0
58.142.64.134,2616,2914224,2616,2914224,0,0
124.49.135.137,2600,2843920,2600,2843920,0,0
124.54.176.208,2599,2882742,2598,2882660,1,82
112.149.211.29,2592,2806848,2592,2806848,0,0
125.184.120.32,2587,2898158,2587,2898158,0,0
122.35.250.30,2578,2871092,2578,2871092,0,0
116.121.174.231,2577,2888778,2577,2888778,0,0
211.108.50.17,2575,2839670,2575,2839670,0,0
222.235.200.41,2564,2820604,2564,2820604,0,0
116.32.159.28,2561,2866506,2559,2866342,2,164
114.205.159.158,2553,2848108,2553,2848108,0,0
221.142.183.221,2551,2871468,2551,2871468,0,0
125.177.172.68,2527,2750678,2527,2750678,0,0
218.237.128.24,2507,2749226,2505,2749062,2,164
211.49.193.153,2491,2773934,2491,2773934,0,0
110.8.178.2,2490,2766660,2490,2766660,0,0
222.238.67.114,2488,2744432,2488,2744432,0,0
222.235.221.69,2477,2720518,2477,2720518,0,0
123.140.112.111,2462,2700268,2462,2700268,0,0
123.143.220.194,2462,2736256,2462,2736256,0,0
125.187.43.25,2425,2711450,2425,2711450,0,0
119.67.131.16,2422,2698268,2422,2698268,0,0
123.214.142.8,2399,2670182,2398,2670100,1,82
118.223.141.135,2257,2440778,2257,2440778,0,0
222.237.240.153,1945,1260986,1945,1260986,0,0
123.111.157.105,1854,1207884,1854,1207884,0,0
116.40.202.15,1699,1919486,1699,1919486,0,0
125.176.88.13,1675,1846178,1675,1846178,0,0
114.201.232.18,1673,1931470,1673,1931470,0,0
115.93.79.115,1669,1877414,1669,1877414,0,0
110.9.85.240,1647,1794654,1647,1794654,0,0
122.17.148.57,1638,1748316,1638,1748316,0,0
220.66.113.131,1613,1808482,1613,1808482,0,0
211.211.25.234,1592,1773808,1592,1773808,0,0
210.159.211.48,1551,1683702,1551,1683702,0,0
218.52.15.9,1539,1723770,1539,1723770,0,0
114.200.134.46,1355,1500430,1355,1500430,0,0
210.221.74.121,1279,1361382,1278,1361300,1,82
58.234.102.123,1209,1260186,1209,1260186,0,0
218.238.30.113,1154,1246996,1154,1246996,0,0
218.235.44.44,1152,1361088,1152,1361088,0,0
114.206.156.192,1126,1212284,1126,1212284,0,0
203.226.66.178,1055,1230550,1055,1230550,0,0
219.240.33.231,1012,1211528,1012,1211528,0,0
211.109.184.73,916,1123784,916,1123784,0,0
110.8.239.143,899,1001086,899,1001086,0,0
58.233.208.227,839,548358,839,548358,0,0
58.235.219.100,678,604092,678,604092,0,0
211.204.12.56,678,375612,678,375612,0,0
114.199.155.224,644,649576,644,649576,0,0
120.142.202.164,520,552552,520,552552,0,0
58.140.125.17,446,479404,446,479404,0,0
58.143.252.164,422,458404,422,458404,0,0
124.62.148.12,256,140838,256,140838,0,0
123.248.36.128,244,239816,244,239816,0,0
122.202.136.175,211,118814,211,118814,0,0
116.45.0.36,186,224004,186,224004,0,0
123.199.92.35,171,166734,171,166734,0,0
211.173.140.181,165,169170,165,169170,0,0

-- 
Tom Daly
Dynamic Network Services, Inc.
P: +1-603-296-1537
http://dynamicnetworkservices.com/

More information about the nsp-security mailing list