[nsp-sec] UDP/53 DDOS Traffic

King, Link Link.King at neustar.com
Sat Apr 23 23:21:31 EDT 2011


Hi folks.

We're the not so happy recipient of around 4 million pps with the
following characteristics:

Targets: 204.74.108.1 & 204.74.115.1
Proto/Port: UDP/53
Payload: 0123456789ABCDE (malformed crap)

The list below is the vast majority of the traffic.  These are
authoritative resolvers and at this point it's under control so no action
needed but any forensic data anyone has would be appreciated.  Not sure if
it's spoofed or not.  Source list:


Thanks!


--
Link King
link.king at neustar.com
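
An added example, not part of the original post: a minimal well-formedness check for UDP/53 payloads arriving at an authoritative server, showing why a payload like the one quoted above does not parse as a DNS query. It assumes the quoted payload is the literal ASCII bytes shown; the function names and both sample packets are constructed for illustration.

```python
import struct
from collections import Counter

def classify_dns_query(payload: bytes) -> str:
    """Return "ok" or the first reason the payload is not a plain DNS query."""
    if len(payload) < 12:                  # the fixed DNS header is 12 bytes
        return "short-header"
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000:                     # QR=1 is a response, not a query
        return "qr-set"
    if (flags >> 11) & 0xF:                # only opcode 0 (QUERY) is expected
        return "opcode"
    if qd != 1 or an or ns:                # one question, no answer/authority
        return "counts"
    pos, name_len = 12, 0
    while True:                            # walk the QNAME labels
        if pos >= len(payload):
            return "truncated-name"
        n = payload[pos]
        pos += 1
        if n == 0:                         # root label ends the name
            break
        if n > 63:                         # pointers/reserved types: not in a query name
            return "bad-label"
        pos += n
        name_len += n + 1
        if name_len > 254:                 # 255-octet name limit incl. root label
            return "name-too-long"
    if pos + 4 > len(payload):             # QTYPE + QCLASS must follow
        return "truncated-question"
    if ar == 0 and pos + 4 != len(payload):
        return "trailing-data"             # extra bytes with no additional record
    return "ok"

def triage(payloads):
    """Count classification results over an iterable of captured payloads."""
    return Counter(classify_dns_query(p) for p in payloads)

# Constructed samples (assumption: the reported payload is literal ASCII).
# As a header, ASCII "23" is flags 0x3233, which decodes to opcode 6.
FLOOD_PAYLOAD = b"0123456789ABCDE"
VALID_QUERY = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
               + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1))

if __name__ == "__main__":
    print(triage([FLOOD_PAYLOAD] * 3 + [VALID_QUERY]))
```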





