[nsp-sec] ack 2828 DDoS in progress
Yiming Gong
yiming.gong at xo.com
Mon Oct 12 17:04:39 EDT 2009
sanitized info forwarded to our Abuse team, thanks
On 10/12/2009 03:09 PM, Stephen Gill wrote:
> ----------- nsp-security Confidential --------
>
> Unspoofed list, sorted by ASN. Timestamp from last seen column.
>
> On 10/11/09 9:11 PM, "Matthew.Swaar at us-cert.gov"<Matthew.Swaar at us-cert.gov>
> wrote:
>
>> ----------- nsp-security Confidential --------
>>
>>
>> The Department of Justice got some packet love last week from 5 - 8
>> October. It appears to have resumed as of ~0217GMT 12 October. The
>> target is (still) 'www.deadiversion.usdoj.gov' on IP 149.101.26.30 and
>> the attack is ongoing as of this writing.
>>
>> Attack vectors are 80-TCP, 80-UDP, and ICMP echo requests at the least.
>>
>> Attached are two files with IPS believed to be participating in the
>> attack. Each source IP in the list transmitted at least 5k packets
>> during a 40 minute window of ~ 0300-0340 over TCP-80. The IPS that met
>> the previous criteria and also appeared to complete a 3-way handshake
>> are in 'unspoofed_attackers_80tcp_12oct.txt'. IPS that may or may not
>> have completed a 3-way handshake are in the 'attackers_80tcp_12oct.txt'
>> file. (There is obviously overlap)
>>
>> Unfortunately, I cannot currently bulk resolve the IPS themselves, my
>> apologies.
>>
>> Any mitigation/squashing that can be provided (short of blackholing the
>> dest) would be appreciated.
>>
>>
>>
>> Very Respectfully,
>>
>> US-CERT Ops Center
>> 703-235-5111
>> POC: Matt Swaar - Analyst
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>> community. Confidentiality is essential for effective Internet security
>> counter-measures.
>> _______________________________________________
>
> --
> Stephen Gill, Chief Scientist, Team Cymru
> http://www.cymru.com | +1 630 230 5423 | gillsr at cymru.com
>
>
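The selection criteria in the quoted US-CERT report (at least 5k packets to TCP port 80 in the ~0300-0340 window, plus a completed 3-way handshake for the unspoofed list) can be applied to per-packet TCP summaries as sketched here. This is an added example, not part of the thread or of any tooling the participants used; the record layout, the `classify` function and the sample records (documentation-range addresses) are constructed assumptions.

```python
from collections import defaultdict

TARGET = "149.101.26.30"                   # destination IP named in the report
WINDOW = (3 * 3600, 3 * 3600 + 40 * 60)    # ~0300-0340 as seconds of day
MIN_PACKETS = 5000                         # "at least 5k packets"
SYN, ACK, PSH = 0x02, 0x10, 0x08           # TCP flag bits

# Assumed record layout (TCP only):
# (time, src, dst, sport, dport, tcp_flags, packet_count)
SAMPLE = [  # constructed data, not taken from the incident
    (10800, "192.0.2.10", TARGET, 40000, 80, SYN, 1),
    (10801, TARGET, "192.0.2.10", 80, 40000, SYN | ACK, 1),
    (10802, "192.0.2.10", TARGET, 40000, 80, ACK, 1),
    (10803, "192.0.2.10", TARGET, 40000, 80, PSH | ACK, 6000),
    (10900, "198.51.100.7", TARGET, 1234, 80, SYN, 7000),   # SYNs only
    (10901, TARGET, "198.51.100.7", 80, 1234, SYN | ACK, 1),
    (11000, "203.0.113.5", TARGET, 5555, 80, SYN, 1),       # low volume
    (11001, TARGET, "203.0.113.5", 80, 5555, SYN | ACK, 1),
    (11002, "203.0.113.5", TARGET, 5555, 80, ACK, 200),
    (20000, "192.0.2.99", TARGET, 4444, 80, SYN, 9000),     # outside window
]

def classify(records, target=TARGET, window=WINDOW, min_packets=MIN_PACKETS):
    """Return (heavy, unspoofed): sources over the packet threshold, and the
    subset of those seen completing SYN -> SYN/ACK -> ACK with the target."""
    packets = defaultdict(int)   # source IP -> packets sent to target:80
    step = {}                    # (client IP, client port) -> handshake step
    completed = set()            # sources that answered the target's SYN/ACK
    for t, src, dst, sport, dport, flags, count in sorted(records, key=lambda r: r[0]):
        if not (window[0] <= t < window[1]):
            continue
        if dst == target and dport == 80:
            packets[src] += count
            key = (src, sport)
            if flags & SYN and not flags & ACK:
                step[key] = 1                      # client SYN
            elif flags & ACK and not flags & SYN and step.get(key) == 2:
                completed.add(src)                 # client ACK after SYN/ACK
        elif src == target and sport == 80 and flags & SYN and flags & ACK:
            key = (dst, dport)
            if step.get(key) == 1:
                step[key] = 2                      # target's SYN/ACK
    heavy = {ip for ip, n in packets.items() if n >= min_packets}
    return heavy, heavy & completed

if __name__ == "__main__":
    heavy, unspoofed = classify(SAMPLE)
    print("over threshold:", sorted(heavy))
    print("handshake completed:", sorted(unspoofed))
```

A source that never answers the target's SYN/ACK stays in the broader list only, which is why the two files in the report overlap.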