[nsp-sec] Flows to 208.78.69.76, 91.198.22.76, 203.62.195.76
sthaug at nethelp.no
sthaug at nethelp.no
Sun Aug 29 09:28:38 EDT 2010
> Some of our nameserver infrastructure is taking some real packet love this AM, and it doesn't appear spoofed, surprisingly. We're reviewing source IP addresses now, but wondering if people can look for some flows:
>
> ns3.mydyndns.org, 208.78.68.76, over 3gbit/sec
>
> ns4.mydyndns.org, 91.198.22.76, over 2gbit/sec
>
> ns5.mydyndns.org, 203.62.195.76, unknown
Confirmed for at least the following hosts within AS 2116 / AS 3307 and
customers thereof:
81.191.3.236
81.191.29.132
81.191.42.139
81.191.100.172
81.191.130.145
81.191.152.217
82.116.68.80
82.116.77.47
82.116.80.83
82.194.198.155
85.252.216.138
87.252.68.18
88.84.49.244
188.113.120.176
193.90.78.16
Blocked and handed off to abuse.
Steinar Haug, AS 2116 / AS 3307
More information about the nsp-security
mailing list