[nsp-sec] Got DDoS? - Target: 80.239.232.154 port 6112/TCP
sthaug at nethelp.no
sthaug at nethelp.no
Thu Jun 10 03:19:03 EDT 2010
> These attacks continue on, any one seeing traffic to: 80.239.232.154
> port 6112/TCP?
>
> I would love to find the C2 if possible.
6 hosts here for the last 9 hours, numbers based on 1:1000 sampling:
# IPaddr flows octets packets
#
77.110.199.152 257 15074 323
77.110.193.133 117 7241 123
195.204.170.62 57 2978 63
80.89.54.197 58 3484 63
195.1.183.199 18 966 18
193.71.122.219 10 448 10
Yesterday:
# IPaddr flows octets packets
#
91.149.57.116 82 4751 90
82.194.204.45 78 4648 86
85.113.160.92 65 4860 71
77.110.193.133 63 4022 67
85.221.107.140 55 3218 57
85.221.109.132 50 3607 53
195.204.138.70 45 2933 51
85.221.108.217 46 3022 47
195.204.138.120 36 2371 39
195.0.180.149 33 1946 35
82.146.69.201 20 1142 25
77.110.241.183 23 1332 23
80.89.52.159 21 1132 22
77.222.173.65 17 991 19
195.1.183.211 19 1033 19
193.69.70.52 17 800 17
85.252.236.76 15 928 16
77.222.195.66 15 666 15
195.204.240.249 15 947 15
80.89.54.197 11 698 14
193.90.60.89 12 721 14
193.90.172.221 9 586 11
195.204.170.62 9 460 9
81.191.144.167 8 478 9
85.252.236.68 6 307 6
195.0.216.128 4 228 4
193.69.238.192 3 120 3
78.26.6.101 2 94 2
188.113.70.47 1 48 1
82.194.207.155 1 40 1
178.248.97.181 1 40 1
81.93.109.249 1 40 1
Steinar Haug, AS 2116 / AS 3307
More information about the nsp-security
mailing list