[nsp-sec] Ongoing attack against 95.172.6.180

David Freedman david.freedman at uk.clara.net
Sat Nov 13 19:39:06 EST 2010


Hi all, this has been going on again this evening, starting around 21:30 UTC
and currently ongoing, following sources:

7136    | 140.99.35.6      | ONLY - Only Networking Inc. (ONLY2-DOM)
15003   | 173.234.163.25   | NOBIS-TECH - Nobis Technology Group, LLC
26347   | 173.236.134.83   | DREAMHOST-AS - New Dream Network, LLC
33552   | 204.14.88.44     | FLUIDHOSTING - Fluid Hosting LLC
20923   | 212.84.188.50    | SKYMARKET-UK-AS Skymarket UK ISP
29550   | 213.175.195.240  | SIMPLYTRANSIT Simply Transit Ltd
6939    | 216.218.226.194  | HURRICANE - Hurricane Electric, Inc.
46475   | 69.162.114.2     | LIMESTONENETWORKS - Limestone Networks, Inc.
13213   | 83.170.113.117   | UK2NET-AS UK-2 Ltd Autonomous System

>For 13213, I see the traffic in the flows so I'm going to send this to
>the Bad News Team.  Running against 29550 now, will do the same if
>spotted.  The first thing I checked was to see if the attack against
>you had stopped (it has).

Andy, I see those two are back again :(

Dave.


On 07/11/2010 16:25, "Chris Morrow" <morrowc at ops-netman.net> wrote:

> David has a corp-mail-issue, which I think we helped resolve, but... in
> the case that this is still ongoing:
> 
> On Sat, 6 Nov 2010 21:24:00 -0000
> "David Freedman" <david.freedman at eu.clara.net> wrote:
> 
>> From: "David Freedman" <david.freedman at eu.clara.net>
>> To: <nsp-security at puck.nether.net>
>> Subject: Ongoing attack against 95.172.6.180
>> Date: Sat, 6 Nov 2010 20:01:02 -0000
>> 
>> Would appreciate it if any sources are spotted and nuked, top talkers so
>> far:
>> 
>> 
>> 29550   | 213.175.195.240  | SIMPLYTRANSIT Simply Transit Ltd
>> 13213   | 83.170.113.117   | UK2NET-AS UK-2 Ltd Autonomous System
>> 47205   | 79.98.24.160     | HOSTEX HOSTEX autonomous system
>> 9931    | 122.155.7.128    | CAT-AP The Communication Authoity of Thailand, CAT
>> 6939    | 216.218.226.194  | HURRICANE - Hurricane Electric, Inc.
>> 
>> Seems to be random UDP
>> 
>> Dave.
>> 
>> ------------------------------------------------
>> David Freedman
>> Group Network Engineering
>> Claranet Limited
>> http://www.clara.net

--

David Freedman
Group Network Engineering

david.freedman at uk.clara.net
Tel +44 (0) 20 7685 8000

Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com

Company Registration: 3152737 - Place of registration: England

All the information contained within this electronic message from Claranet
Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer




