[nsp-sec] Flows toward 80.168.92.133
David Freedman
david.freedman at uk.clara.net
Wed Nov 10 20:07:27 EST 2010

Well, seems we have a second incident this week, this time destined towards
another customer (though strangely towards a machine which doesn't appear to
provide a public service and therefore we wouldn't expect to see traffic
towards it).

Attack started yesterday (9th) at just before 19:00 UTC and subsided almost
ten hours later at around 08:00 the following day (10th). There appeared to
only be one main source, 159.84.211.5, which was on RENATER, the French NREN.
I dropped a mail to certsvp at renater.fr yesterday but received no response
(is there anybody on there from here? I can't imagine why it would take so
long for a response team to respond!)

Anyway, it started back up for an hour between 21:00 and 22:00 UTC in the
evening (of the 10th) with the following sources as top talkers:
1955 | 193.224.130.179 | HBONE-AS HUNGARNET
17506 | 221.252.11.218 | UCOM UCOM Corp.
4713 | 222.151.218.104 | OCN NTT Communications Corporation
4134 | 60.191.228.221 | CHINANET-BACKBONE No.31,Jin-rong Street
4134 | 60.191.29.110 | CHINANET-BACKBONE No.31,Jin-rong Street
14141 | 66.71.246.250 | WIRESIX - WireSix, Inc.
32181 | 69.65.42.217 | ASN-ECOMD-COLOQUEST - Ecomdevel, LLC
14141 | 98.142.209.156 | WIRESIX - WireSix, Inc.

Any assistance that can be provided would be appreciated; we are still
mystified by the choice of target as it isn't reachable (by policy) and
doesn't serve any useful purpose!
--
David Freedman
Group Network Engineering
david.freedman at uk.clara.net
Tel +44 (0) 20 7685 8000
Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com
Company Registration: 3152737 - Place of registration: England
All the information contained within this electronic message from Claranet
Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer