[nsp-sec] 10Gbps distributed UDP flood against 62.50.74.234 (AS8928)
Matsuzaki Yoshinobu
maz at iij.ad.jp
Fri Jun 4 01:00:16 EDT 2010
> ----------- nsp-security Confidential --------
>
>> > The targeted host is primarily 62.50.74.234.
>> >
>> > I would appreciate to hear if anybody else has some additional
>> > information they can provide us with, especially if this was controlled
>> > by known C&C.
>>
>> One of our customers seems to be sending a lot of UDP packets to that IP address, different ports
>
> Same here, my guess this is attack traffic even though it's only about 2.5 Mbps:
I had about 100 or so customers sending the traffic, total 800Mbps at
this moment. Similar profile, 2~25Mbps per host, UDP, different dst
ports. We've blocked them, and are contacting the customers.
started about 2010-06-03 05:35 UTC
traffic doubled about 2010-06-03 11:00 UTC
Regards,
-----
Matsuzaki Yoshinobu <maz at iij.ad.jp>
- IIJ/AS2497 INOC-DBA: 2497*629