[nsp-sec] 10Gbps distributed UDP flood against 62.50.74.234 (AS8928)

Salusky, William william.salusky at corp.aol.com
Thu Jun 3 16:40:07 EDT 2010


I see *one* single active dial-up user participating.  If only there
were one other active participant, finding a comms structure [if there
is one] would be simple.

I'll keep an eye on this one to see if anything distinct stands out.
Aside from the UDP flood toward the 62.x, the client in question is also
running a Limewire p2p client so needless to say it's a very noisy
little pipe.
 
----
William Salusky 
Princ. Technical Security Engineer - AOL Information Technology Security
CERT team
703-265-4924 (office) : 571-480-1933 (mobile) 
 
 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> Mike Hellers
> Sent: Thursday, June 03, 2010 11:17 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] 10Gbps distributed UDP flood against 
> 62.50.74.234 (AS8928)
> 
> ----------- nsp-security Confidential --------
> 
> Hi,
> 
> We have experienced a rather large, and distributed attack 
> against one of our customers over the past couple of hours, 
> it is actually still going on at this time. We have seen 
> overall traffic levels above 10Gbps, mainly UDP traffic from 
> and towards a range of ports.
> 
> The targeted host is primarily 62.50.74.234.
> 
> I would appreciate hearing if anybody else has some 
> additional information they can provide us with, especially 
> if this was controlled by known C&C.
> 
> ...mike
> 
> -- 
> Mike Hellers
> Interoute Communications Ltd.
> Tel +44 20 7025 9396
> Mob +44 7817 101 736



