[nsp-sec] Packet love to ns1.dyndns.org
Stephen Gill
gillsr at cymru.com
Fri May 8 14:55:20 EDT 2009
Looks like mostly Korea.. We'll have a look.
3786 | 115.93.79.115 | 115.88.0.0/13 | KR | apnic |
2008-07-24 | LGDACOM LG DACOM Corporation
3786 | 123.140.112.111 | 123.140.0.0/14 | KR | apnic |
2007-02-22 | LGDACOM LG DACOM Corporation
3786 | 123.143.220.194 | 123.140.0.0/14 | KR | apnic |
2007-02-22 | LGDACOM LG DACOM Corporation
3786 | 61.39.151.60 | 61.32.0.0/13 | KR | apnic |
2000-09-18 | LGDACOM LG DACOM Corporation
4691 | 210.159.211.48 | 210.159.128.0/17 | JP | apnic |
1996-12-30 | DTI Dream Train Internet Inc.
4713 | 122.17.148.57 | 122.16.0.0/12 | JP | apnic |
2006-07-07 | OCN NTT Communications Corporation
7562 | 114.199.155.224 | 114.199.152.0/22 | KR | apnic |
2008-07-01 | HCNSEOCHO-AS-KR DCC
9318 | 110.8.178.2 | 110.8.0.0/16 | KR | apnic |
2009-02-18 | HANARO-AS Hanaro Telecom Inc.
9318 | 110.8.239.143 | 110.8.0.0/16 | KR | apnic |
2009-02-18 | HANARO-AS Hanaro Telecom Inc.
9318 | 110.9.85.240 | 110.9.0.0/16 | KR | apnic |
2009-02-18 | HANARO-AS Hanaro Telecom Inc.
9318 | 114.200.134.46 | 114.200.0.0/13 | KR | apnic |
2008-06-18 | HANARO-AS Hanaro Telecom Inc.
9318 | 114.201.232.18 | 114.200.0.0/13 | KR | apnic |
2008-06-18 | HANARO-AS Hanaro Telecom Inc.
9318 | 114.205.159.158 | 114.200.0.0/13 | KR | apnic |
2008-06-18 | HANARO-AS Hanaro Telecom Inc.
9318 | 114.206.156.192 | 114.200.0.0/13 | KR | apnic |
2008-06-18 | HANARO-AS Hanaro Telecom Inc.
9318 | 116.121.174.231 | 116.121.0.0/16 | KR | apnic |
2007-05-21 | HANARO-AS Hanaro Telecom Inc.
9318 | 118.223.141.135 | 118.223.0.0/16 | KR | apnic |
2007-10-25 | HANARO-AS Hanaro Telecom Inc.
9318 | 123.111.157.105 | 123.111.0.0/16 | KR | apnic |
2007-02-09 | HANARO-AS Hanaro Telecom Inc.
9318 | 123.214.142.8 | 123.212.0.0/14 | KR | apnic |
2007-02-09 | HANARO-AS Hanaro Telecom Inc.
9318 | 210.221.74.121 | 210.221.0.0/17 | KR | apnic |
1999-05-25 | HANARO-AS Hanaro Telecom Inc.
9318 | 211.108.50.17 | 211.108.0.0/16 | KR | apnic |
2000-04-14 | HANARO-AS Hanaro Telecom Inc.
9318 | 211.109.184.73 | 211.109.160.0/19 | KR | apnic |
2000-04-14 | HANARO-AS Hanaro Telecom Inc.
9318 | 211.204.12.56 | 211.200.0.0/13 | KR | apnic |
2000-08-22 | HANARO-AS Hanaro Telecom Inc.
9318 | 211.211.25.234 | 211.208.0.0/14 | KR | apnic |
2000-12-28 | HANARO-AS Hanaro Telecom Inc.
9318 | 211.49.193.153 | 211.49.192.0/19 | KR | apnic |
1999-11-18 | HANARO-AS Hanaro Telecom Inc.
9318 | 218.235.44.44 | 218.234.0.0/15 | KR | apnic |
2002-04-30 | HANARO-AS Hanaro Telecom Inc.
9318 | 218.237.128.24 | 218.236.0.0/14 | KR | apnic |
2002-04-30 | HANARO-AS Hanaro Telecom Inc.
9318 | 218.238.30.113 | 218.236.0.0/14 | KR | apnic |
2002-04-30 | HANARO-AS Hanaro Telecom Inc.
9318 | 218.52.15.9 | 218.52.0.0/14 | KR | apnic |
2001-11-22 | HANARO-AS Hanaro Telecom Inc.
9318 | 219.240.33.231 | 219.240.0.0/15 | KR | apnic |
2002-04-30 | HANARO-AS Hanaro Telecom Inc.
9318 | 221.142.183.221 | 221.140.0.0/14 | KR | apnic |
2003-05-30 | HANARO-AS Hanaro Telecom Inc.
9318 | 222.235.200.41 | 222.232.0.0/13 | KR | apnic |
2004-04-02 | HANARO-AS Hanaro Telecom Inc.
9318 | 222.235.221.69 | 222.232.0.0/13 | KR | apnic |
2004-04-02 | HANARO-AS Hanaro Telecom Inc.
9318 | 222.237.240.153 | 222.232.0.0/13 | KR | apnic |
2004-04-02 | HANARO-AS Hanaro Telecom Inc.
9318 | 222.238.67.114 | 222.232.0.0/13 | KR | apnic |
2004-04-02 | HANARO-AS Hanaro Telecom Inc.
9318 | 58.233.208.227 | 58.224.0.0/12 | KR | apnic |
2005-06-27 | HANARO-AS Hanaro Telecom Inc.
9318 | 58.234.102.123 | 58.224.0.0/12 | KR | apnic |
2005-06-27 | HANARO-AS Hanaro Telecom Inc.
9318 | 58.235.219.100 | 58.224.0.0/12 | KR | apnic |
2005-06-27 | HANARO-AS Hanaro Telecom Inc.
9845 | 123.248.36.128 | 123.248.36.0/22 | KR | apnic |
2007-01-25 | CJCKN-AS-KR CJ-CABLENET
9946 | 122.202.136.175 | 122.202.136.0/22 | KR | apnic |
2006-11-06 | CABLENET-AS-KR KCTV JEJU BROADCASTING
10036 | 58.140.125.17 | 58.140.0.0/17 | KR | apnic |
2005-05-24 | CNM-AS-KR C&M Communication Co. Ltd.
10036 | 58.142.64.134 | 58.142.64.0/21 | KR | apnic |
2005-05-24 | CNM-AS-KR C&M Communication Co. Ltd.
10066 | 123.199.92.35 | 123.199.88.0/21 | KR | apnic |
2006-11-10 | GAYANET-AS-KR CJ-CABLENET
10194 | 203.226.66.178 | 203.226.64.0/18 | KR | apnic |
1996-04-23 | DOOSANHEAVY-AS-KR Doosan Heavy Industries & Construction Co.,
Ltd.
17858 | 112.149.211.29 | 112.144.0.0/13 | KR | apnic |
2009-02-10 | KRNIC-ASBLOCK-AP KRNIC
17858 | 116.32.159.28 | 116.32.0.0/13 | KR | apnic |
2007-03-23 | KRNIC-ASBLOCK-AP KRNIC
17858 | 116.40.202.15 | 116.40.0.0/13 | KR | apnic |
2007-03-23 | KRNIC-ASBLOCK-AP KRNIC
17858 | 116.45.0.36 | 116.40.0.0/13 | KR | apnic |
2007-03-23 | KRNIC-ASBLOCK-AP KRNIC
17858 | 119.67.131.16 | 119.64.0.0/14 | KR | apnic |
2008-01-15 | KRNIC-ASBLOCK-AP KRNIC
17858 | 122.35.250.30 | 122.32.0.0/13 | KR | apnic |
2006-07-24 | KRNIC-ASBLOCK-AP KRNIC
17858 | 124.49.135.137 | 124.48.0.0/13 | KR | apnic |
2005-12-21 | KRNIC-ASBLOCK-AP KRNIC
17858 | 124.54.176.208 | 124.48.0.0/13 | KR | apnic |
2005-12-21 | KRNIC-ASBLOCK-AP KRNIC
17858 | 124.62.148.12 | 124.56.0.0/13 | KR | apnic |
2005-12-21 | KRNIC-ASBLOCK-AP KRNIC
17858 | 125.176.88.13 | 125.176.0.0/14 | KR | apnic |
2005-09-12 | KRNIC-ASBLOCK-AP KRNIC
17858 | 125.177.172.68 | 125.176.0.0/14 | KR | apnic |
2005-09-12 | KRNIC-ASBLOCK-AP KRNIC
17858 | 125.184.120.32 | 125.184.0.0/14 | KR | apnic |
2005-09-12 | KRNIC-ASBLOCK-AP KRNIC
17858 | 125.187.43.25 | 125.184.0.0/14 | KR | apnic |
2005-09-12 | KRNIC-ASBLOCK-AP KRNIC
18310 | 211.173.140.181 | 211.173.128.0/20 | KR | apnic |
2000-05-26 | VITSSEN-AS-KR TBROAD ABC BROADCASTING CO.,LTD.
23975 | 220.66.113.131 | 220.66.112.0/22 | KR | apnic |
2002-07-22 | YC-AS-KR Yonam Institute of Digital Technology
38098 | 120.142.202.164 | 120.142.200.0/21 | KR | apnic |
2008-04-17 | KUROCATV-AS-KR KUROCATVSYSTEM Co,.Ltd.
38108 | 58.143.252.164 | 58.143.248.0/21 | KR | apnic |
2005-05-24 | NOWON-AS-KR Nowon Cable Television Network
On 5/8/09 11:39 AM, "Tom Daly" <tom at dyn-inc.com> wrote:
> ----------- nsp-security Confidential --------
>
> Hi Folks,
> We've just received very large flood (>500Mbps) to ns1.dyndns.org UDP/53.
> Payloads are 1480-byte frames of garbage with the frag bit set. We've
> extracted the largest sources into the list below. Could folks have a look for
> a bot?
>
> Thanks,
> Tom
>
> IPv4 Address,Packets,Bytes,Tx Packets,Tx Bytes,Rx Packets,Rx Bytes
> 61.39.151.60,2623,2910422,2623,2910422,0,0
> 58.142.64.134,2616,2914224,2616,2914224,0,0
> 124.49.135.137,2600,2843920,2600,2843920,0,0
> 124.54.176.208,2599,2882742,2598,2882660,1,82
> 112.149.211.29,2592,2806848,2592,2806848,0,0
> 125.184.120.32,2587,2898158,2587,2898158,0,0
> 122.35.250.30,2578,2871092,2578,2871092,0,0
> 116.121.174.231,2577,2888778,2577,2888778,0,0
> 211.108.50.17,2575,2839670,2575,2839670,0,0
> 222.235.200.41,2564,2820604,2564,2820604,0,0
> 116.32.159.28,2561,2866506,2559,2866342,2,164
> 114.205.159.158,2553,2848108,2553,2848108,0,0
> 221.142.183.221,2551,2871468,2551,2871468,0,0
> 125.177.172.68,2527,2750678,2527,2750678,0,0
> 218.237.128.24,2507,2749226,2505,2749062,2,164
> 211.49.193.153,2491,2773934,2491,2773934,0,0
> 110.8.178.2,2490,2766660,2490,2766660,0,0
> 222.238.67.114,2488,2744432,2488,2744432,0,0
> 222.235.221.69,2477,2720518,2477,2720518,0,0
> 123.140.112.111,2462,2700268,2462,2700268,0,0
> 123.143.220.194,2462,2736256,2462,2736256,0,0
> 125.187.43.25,2425,2711450,2425,2711450,0,0
> 119.67.131.16,2422,2698268,2422,2698268,0,0
> 123.214.142.8,2399,2670182,2398,2670100,1,82
> 118.223.141.135,2257,2440778,2257,2440778,0,0
> 222.237.240.153,1945,1260986,1945,1260986,0,0
> 123.111.157.105,1854,1207884,1854,1207884,0,0
> 116.40.202.15,1699,1919486,1699,1919486,0,0
> 125.176.88.13,1675,1846178,1675,1846178,0,0
> 114.201.232.18,1673,1931470,1673,1931470,0,0
> 115.93.79.115,1669,1877414,1669,1877414,0,0
> 110.9.85.240,1647,1794654,1647,1794654,0,0
> 122.17.148.57,1638,1748316,1638,1748316,0,0
> 220.66.113.131,1613,1808482,1613,1808482,0,0
> 211.211.25.234,1592,1773808,1592,1773808,0,0
> 210.159.211.48,1551,1683702,1551,1683702,0,0
> 218.52.15.9,1539,1723770,1539,1723770,0,0
> 114.200.134.46,1355,1500430,1355,1500430,0,0
> 210.221.74.121,1279,1361382,1278,1361300,1,82
> 58.234.102.123,1209,1260186,1209,1260186,0,0
> 218.238.30.113,1154,1246996,1154,1246996,0,0
> 218.235.44.44,1152,1361088,1152,1361088,0,0
> 114.206.156.192,1126,1212284,1126,1212284,0,0
> 203.226.66.178,1055,1230550,1055,1230550,0,0
> 219.240.33.231,1012,1211528,1012,1211528,0,0
> 211.109.184.73,916,1123784,916,1123784,0,0
> 110.8.239.143,899,1001086,899,1001086,0,0
> 58.233.208.227,839,548358,839,548358,0,0
> 58.235.219.100,678,604092,678,604092,0,0
> 211.204.12.56,678,375612,678,375612,0,0
> 114.199.155.224,644,649576,644,649576,0,0
> 120.142.202.164,520,552552,520,552552,0,0
> 58.140.125.17,446,479404,446,479404,0,0
> 58.143.252.164,422,458404,422,458404,0,0
> 124.62.148.12,256,140838,256,140838,0,0
> 123.248.36.128,244,239816,244,239816,0,0
> 122.202.136.175,211,118814,211,118814,0,0
> 116.45.0.36,186,224004,186,224004,0,0
> 123.199.92.35,171,166734,171,166734,0,0
> 211.173.140.181,165,169170,165,169170,0,0
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 630 230 5423 | gillsr at cymru.com
More information about the nsp-security
mailing list