[nsp-sec] packet love from akrino
Jan Boogman
boogman at ip-plus.net
Thu Mar 25 17:21:41 EDT 2010
we're currently getting some packet love
16:15 - 17:38 (GMT+1) ~600kpps

source ip         src port     dest ip                               dst port       protocol  flags
91.202.63.158/32  1024 - 1279  mxzhh.bluewin.ch (195.186.19.144/32)  25 (smtp)      tcp (6)   (0x00)

19:22 (GMT+1) Ongoing ~170kpps

91.202.63.158/32  1024 - 1279  www.ip-plus.net (164.128.36.65/32)    80 (www-http)  tcp (6)   SAR (0x16)
we receive all the packets through CW over the De-CIX.
The originating AS is registered in Russia
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
44571 | 91.202.63.158 | 91.202.63.0/24 | RU | ripencc | 2008-02-07 | AKRINO-AS Akrino Inc
but the inetnum is hosted in the British Virgin Islands:
inetnum: 91.202.60.0 - 91.202.63.255
netname: AKRINO-NET
descr: Akrino Inc
country: VG
org: ORG-AI38-RIPE
admin-c: IVM27-RIPE
tech-c: IVM27-RIPE
status: ASSIGNED PI
notify: noc.akrino at gmail.com
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-by: MNT-AKRINO
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-routes: MNT-AKRINO
mnt-domains: MNT-AKRINO
changed: hostmaster at ripe.net 20080207
source: RIPE
Any intel into C&C etc is appreciated
Thanks
Jan
--
Jan Boogman
Swisscom - IP-Plus Internet Services - AS3303