[nsp-sec] DDoS targeting 130.237.157.97

Torbjorn.Wictorin at cert.sunet.se Torbjorn.Wictorin at cert.sunet.se
Tue Nov 17 09:54:53 EST 2009 

hello,

130.237.157.97, which is a server for Stockholm university, has been
the victim of DDOS attacks (port 80), the last of which happened 
yesterday, 16:th.

The following hosts seems to have been involved in this attack. Actually 
it was more ip:s but I have restricted the list the most intense in
order to avoid false alerts. If anyone could find out the c&c, please let 
me know. Time in UTC.

1241    | 188.4.182.117    | GR | 2009-11-16 15:02:01 | FORTHNET-GR FORTHnet
1241    | 188.4.187.83     | GR | 2009-11-16 10:23:02 | FORTHNET-GR FORTHnet
1241    | 188.4.190.124    | GR | 2009-11-16 10:04:02 | FORTHNET-GR FORTHnet
2119    | 193.213.87.87    | NO | 2009-11-16 10:09:02 | TELENOR-NEXTEL Telenor Business Solutions AS
3215    | 92.134.218.176   | FR | 2009-11-16 10:07:03 | AS3215 France Telecom - Orange
3243    | 81.193.100.15    | PT | 2009-11-16 10:23:02 | TELEPAC PT.Com - Comunicacoes Interactivas, S.A.
3243    | 82.155.180.185   | PT | 2009-11-16 10:10:04 | TELEPAC PT.Com - Comunicacoes Interactivas, S.A.
3269    | 87.18.233.119    | IT | 2009-11-16 10:11:03 | ASN-IBSNAZ TELECOM ITALIA
3292    | 93.163.235.158   | DK | 2009-11-16 10:10:04 | TDC TDC Data Networks
3308    | 86.52.134.233    | DK | 2009-11-16 10:11:03 | TELIANET-DENMARK TeliaNet Denmark
5089    | 86.18.205.4      | GB | 2009-11-16 14:48:01 | NTL NTL Group Limited
5089    | 92.234.170.31    | GB | 2009-11-16 10:10:04 | NTL NTL Group Limited
5391    | 89.172.218.115   | HR | 2009-11-16 12:34:01 | T-HT T-Com Croatia Internet network
5391    | 89.172.233.231   | HR | 2009-11-16 14:18:01 | T-HT T-Com Croatia Internet network
5391    | 89.172.236.92    | HR | 2009-11-16 10:27:03 | T-HT T-Com Croatia Internet network
5391    | 93.139.97.58     | HR | 2009-11-16 10:11:03 | T-HT T-Com Croatia Internet network
5391    | 93.143.29.113    | HR | 2009-11-16 10:23:02 | T-HT T-Com Croatia Internet network
5408    | 155.207.244.151  | EU | 2009-11-16 10:23:02 | GR-NET Greek Research & Technology Network, http://www.grnet.gr
5483    | 84.2.204.117     | HU | 2009-11-16 10:07:03 | HTC-AS Hungarian Telecom ; Magyar Telekom
5603    | 89.142.103.175   | SI | 2009-11-16 10:11:03 | SIOL-NET Telekom Slovenije d.d.
5603    | 89.142.231.20    | SI | 2009-11-16 10:10:04 | SIOL-NET Telekom Slovenije d.d.
6389    | 68.221.167.182   | US | 2009-11-16 10:10:03 | BELLSOUTH-NET-BLK - BellSouth.net Inc.
6746    | 89.136.76.153    | RO | 2009-11-16 10:27:03 | ASTRAL UPC Romania Srl, Romania
8346    | 196.207.250.139  | SN | 2009-11-16 15:10:02 | SONATEL-AS Autonomous System
8374    | 95.40.83.89      | PL | 2009-11-16 10:08:03 | PLUSNET Polkomtel S.A.
8400    | 93.87.55.250     | CS | 2009-11-16 10:11:03 | TELEKOM-AS _TELEKOM SRBIJA_ a.d.
8402    | 78.107.140.243   | RU | 2009-11-16 10:11:03 | CORBINA-AS Corbina Telecom
8551    | 79.180.104.237   | IL | 2009-11-16 10:23:02 | BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone
8708    | 79.116.71.221    | RO | 2009-11-16 10:27:03 | RDSNET RCS & RDS S.A.
8708    | 86.126.86.201    | RO | 2009-11-16 10:23:02 | RDSNET RCS & RDS S.A.
8990    | 95.171.72.52     | HU | 2009-11-16 10:11:03 | AHRT-AS AHRT-HU
9121    | 88.233.250.190   | TR | 2009-11-16 10:14:03 | TTNET TTnet Autonomous System
9121    | 88.243.105.89    | TR | 2009-11-16 12:39:01 | TTNET TTnet Autonomous System
9141    | 89.75.37.179     | PL | 2009-11-16 10:28:03 | AS9141 UPC Polska Sp. z o.o.
9141    | 89.79.248.214    | PL | 2009-11-16 10:10:04 | AS9141 UPC Polska Sp. z o.o.
9790    | 202.180.85.2     | NZ | 2009-11-16 10:47:02 | CALLPLUS-NZ-AP CallPlus Services Limited
9790    | 202.180.85.5     | NZ | 2009-11-16 12:42:02 | CALLPLUS-NZ-AP CallPlus Services Limited
10796   | 24.165.162.236   | US | 2009-11-16 10:25:05 | SCRR-10796 - Road Runner HoldCo LLC
12301   | 77.243.208.108   | HU | 2009-11-16 10:04:02 | INVITEL Invitel, Hungary
12618   | 89.191.159.162   | PL | 2009-11-16 10:11:03 | PL-BYDMAN-COM Commercial Users
12874   | 213.140.2.6      | IT | 2009-11-16 10:28:02 | FASTWEB Fastweb Autonomous System
12874   | 93.45.230.226    | IT | 2009-11-16 10:25:06 | FASTWEB Fastweb Autonomous System
12978   | 94.123.185.131   | TR | 2009-11-16 11:03:01 | DOGAN-ONLINE Dogan Iletisim Elektronik Servis Hizmetleri AS
12978   | 94.123.185.17    | TR | 2009-11-16 10:18:02 | DOGAN-ONLINE Dogan Iletisim Elektronik Servis Hizmetleri AS
15516   | 85.24.70.122     | DK | 2009-11-16 10:23:02 | DK-ARROWHEAD Arrowhead DK
15557   | 77.199.10.16     | FR | 2009-11-16 10:26:03 | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
17557   | 119.153.57.23    | PK | 2009-11-16 13:37:01 | PKTELECOM-AS-PK Pakistan Telecommunication Company Limited
21229   | 77.234.75.203    | HU | 2009-11-16 10:27:03 | TVNETWORK-AS TVNETWORK
29113   | 77.48.127.251    | CZ | 2009-11-16 10:07:03 | SLOANE-AS Sloane Park Property Trust, a.s. Autonomous System
29113   | 88.146.167.55    | CZ | 2009-11-16 10:11:03 | SLOANE-AS Sloane Park Property Trust, a.s. Autonomous System
29314   | 78.88.57.151     | PL | 2009-11-16 10:27:03 | VECTRANET-AS Vectra Technologie S.A. Autonomous System
31042   | 188.2.244.207    | RS | 2009-11-16 10:10:03 | SERBIA-BROADBAND-AS Serbia Broadband Autonomous System
34779   | 89.212.200.15    | SI | 2009-11-16 10:04:03 | T-2-AS AS set propagated by T-2, d.o.o.
35002   | 89.32.137.31     | RO | 2009-11-16 10:08:02 | NEWCOM-ASN New Com Telecomunicatii SA
35002   | 94.52.190.86     | RO | 2009-11-16 10:11:03 | NEWCOM-ASN New Com Telecomunicatii SA
35141   | 77.70.34.16      | BG | 2009-11-16 10:11:02 | MEGALAN Megalan - Autonomous System of Megalan Network Ltd.
37986   | 203.124.22.135   | IN | 2009-11-16 10:12:03 | TULIP Tulip Telecom Ltd.
38710   | 117.102.42.133   | PK | 2009-11-16 10:11:02 | WORLDCALL-AS-LHR Worldcall Broadband Limited
41572   | 213.160.243.193  | NL | 2009-11-16 10:11:02 | HAFSLUND Hafslund Telekom AS
42143   | 89.43.232.195    | RO | 2009-11-16 10:11:03 | AIR-BITES-AS SC AIR BITES SRL
43940   | 213.133.25.4     | ME | 2009-11-16 10:27:03 | MTEL-AS MTEL DOO AS Number
47148   | 77.81.144.242    | RO | 2009-11-16 10:23:02 | STARNETRANS-AS SC STARNETRANS SRL
47401   | 195.190.24.4     | PL | 2009-11-16 10:25:05 | AMREST-AS American Restaurants
47524   | 94.54.207.229    | TR | 2009-11-16 10:08:03 | TURKSAT-AS Turksat Uydu Haberlesme ve Kablo TV Isletme A.S.

-- 
Torbjorn Wictorin
Sunet CERT <cert at cert.sunet.se> http://www.cert.sunet.se

More information about the nsp-security mailing list