[nsp-sec] Got traffic? - DDoS towards 80.239.232.152
Yiming Gong
yiming.gong at xo.com
Thu May 20 18:28:03 EDT 2010
I see only 5 IPs on our network in the past 4 hours. For TCP, mostly 48-byte
SYN, all targeted to 3724. Here is the detailed breakdown.
+----------+---------------+-------+-------+----------+------
| count(*) | sip           | proto | dport | tcpflags | size
+----------+---------------+-------+-------+----------+------
|       59 | 69.24.164.147 | TCP   |  3724 | ....S.   | 48
|       27 | 69.24.164.147 | UDP   |     0 | ......   | 1464,2928,4392
|        6 | 69.24.164.147 | UDP   |  3724 | ......   | 1464
|      120 | 71.81.214.102 | TCP   |  3724 | ......   | 47,48
|       59 | 71.81.214.102 | TCP   |  3724 | ....S.   | 48,96
|      325 | 71.83.39.159  | UDP   |     0 | ......   | 1500,1498,1499,1491,1490,1497,1495,1493,1487,1496,1476,1486,1479,1478,1474,1485,1494,1488,9000,3000,4500,7500,16500,12000,13500,6000,15000,10500,1464,4392,2928,1481
|       74 | 71.83.39.159  | UDP   |  3724 | ......   | 1500,1464
|       81 | 71.83.39.159  | UDP   |  3724 | .A....   | 1500,4500,3000
|       15 | 97.73.237.18  | UDP   |     0 | ......   | 1885,1464,427,4812,2928,421
|        1 | 97.73.237.18  | UDP   |  3724 | ......   | 1464
+----------+---------------+-------+-------+----------+------

Regards!
Yiming
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Could really use some help here.
>
> ICMP/UDP and TCP Syn flood against 80.239.232.152, most likely spoofed.
>
> Anyone got anything?
>
> Cheers,
> Nick
>
>
> - --
> Nicholas Ianelli: Neustar, Inc.
> Security Operations
>
> 46000 Center Oak Plaza Sterling, VA 20166
> +1 571.434.4691 - http://www.neustar.biz
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
>
> iEYEARECAAYFAkv1lO8ACgkQi10dJIBjZID9TwCgwNUlxC5RsRNw9l+x6vZogG1n
> 5qQAmwccsy1yCcdM9lXwfyl8MFT+9yAN
> =7pUH
> -----END PGP SIGNATURE-----