[nsp-sec] 200kpps attack to 195.8.66.1 - sources for your perusal

David Freedman david.freedman at uk.clara.net
Wed Oct 21 01:51:52 EDT 2009


Started 02:45GMT - here are some TCP sources for your perusal



Also, a rather determined person at 59.94.142.114 was involved before the TCP attack started

AS      | IP               | AS Name
9829    | 59.94.142.114    | BSNL-NIB National Internet Backbone (india)

I have reason to believe this person is either the perpetrator or has strong links to such
due to the nature of the site targeted.

Attack is ongoing at this time but being mitigated

TIA as usual


------------------------------------------------
David Freedman
Group Network Engineering 
Claranet Limited
http://www.clara.net



