[nsp-sec] 10Gbps distributed UDP flood against 62.50.74.234 (AS8928)
Scott A. McIntyre
scott at xs4all.net
Thu Jun 3 13:46:26 EDT 2010
Hi Mike,

We had about a dozen or so sources in this:
> We have experienced a rather large, and distributed attack against one
> of our customers over the past couple of hours, it is actually still
> going on at this time. We have seen overall traffic levels above 10Gbps,
> mainly UDP traffic from and towards a range of ports.
>
> The targeted host is primarily 62.50.74.234.
>
> I would appreciate to hear if anybody else has some additional
> information they can provide us with, especially if this was controlled
> by known C&C.
I've shut them all down of course, and have some more data for you:
1) Started at 2010-06-03 07:44 ish UTC+0200
2) The source port for each contributing source is static per customer
3) Before you, they were aiming at 178.208.73.57 and 91.205.41.173
That latter host, 91.205.41.173, was also getting a lot of normal http
traffic from customers before the attack began; that attack began around
0130 this morning UTC+0200.
As for C&C, I'm afraid I don't have obvious hints on that -- sorry!
Anyway, we've made sure to block our customers currently hammering you.
Scott A. McIntyre
XS4ALL Internet B.V.