[nsp-sec] On-going DDoS
Jonas Thambert
jonas.thambert at sitic.se
Sat May 22 15:02:17 EDT 2010
We have an on-going DDoS from Singlehop. A lot of packets. UDP, so src can be spoofed.
Any C&C control traffic is of great value.
IN (CEST)
> 15:41:02.129186 69.175.94.106.60478 > 194.9.94.153.80: udp 15 (DF)
> 15:41:02.129188 69.175.94.106.60478 > 194.9.94.153.80: udp 15 (DF)
> 15:41:02.129310 69.175.94.106.60478 > 194.9.94.153.80: udp 15 (DF)
We also have DDoS traffic from these hosts against the same network:
83.168.219.69 | origin-as 35041 (83.168.216.0/21) | Virtual servers network 1 in malmoe
129.7.203.37 | origin-as 7276 (129.7.192.0/19) | University of Houston
68.71.45.12 | origin-as 10929 (68.71.32.0/20) | XTN X Traffic Networks Inc.
72.52.79.2 | origin-as 6939 (72.52.64.0/18) | Hurricane Electric, Inc.
Regards Jonas