[nsp-sec] UDP/53 DDOS Traffic
King, Link
Link.King at neustar.com
Sun Apr 24 05:29:38 EDT 2011
>Targets: 204.74.108.1 & 204.74.115.1
>Proto/Port: UDP/53
>Payload: 0123456789ABCDE (malformed crap)
I've cleaned up the list below of a few verified false positives. Also:
Start: 4/24/2011 @ 01:01 UTC
End: Ongoing
17 | 128.46.16.248 | PURDUE - Purdue University
3352 | 80.58.172.158 | TELEFONICA-DATA-ESPANA Internet Access
Network of TDE
3786 | 211.234.125.26 | LGDACOM LG DACOM Corporation
4134 | 115.238.44.148 | CHINANET-BACKBONE No.31,Jin-rong Street
4134 | 121.14.38.60 | CHINANET-BACKBONE No.31,Jin-rong Street
4134 | 122.225.197.226 | CHINANET-BACKBONE No.31,Jin-rong Street
4134 | 122.228.202.158 | CHINANET-BACKBONE No.31,Jin-rong Street
4134 | 124.232.138.27 | CHINANET-BACKBONE No.31,Jin-rong Street
4134 | 211.154.153.5 | CHINANET-BACKBONE No.31,Jin-rong Street
4230 | 200.166.104.165 | Embratel
4230 | 200.166.104.165 | Embratel
4538 | 162.105.149.10 | ERX-CERNET-BKB China Education and Research
Network Center
4538 | 162.105.149.10 | ERX-CERNET-BKB China Education and Research
Network Center
4538 | 202.194.15.78 | ERX-CERNET-BKB China Education and Research
Network Center
4766 | 121.130.250.198 | KIXS-AS-KR Korea Telecom
4766 | 121.130.250.198 | KIXS-AS-KR Korea Telecom
4766 | 203.229.177.59 | KIXS-AS-KR Korea Telecom
4766 | 59.3.183.46 | KIXS-AS-KR Korea Telecom
4766 | 59.3.183.46 | KIXS-AS-KR Korea Telecom
4808 | 117.79.236.72 | CHINA169-BJ CNCGROUP IP network China169
Beijing Province Network
4808 | 58.68.150.249 | CHINA169-BJ CNCGROUP IP network China169
Beijing Province Network
4847 | 124.126.51.234 | CNIX-AP China Networks Inter-Exchange
5089 | 81.101.85.121 | NTL Virgin Media Limited
5413 | 212.241.164.135 | AS5413 Daisy Communications Ltd
6582 | 216.17.193.210 | FRII - Front Range Internet Inc.
6582 | 216.17.239.141 | FRII - Front Range Internet Inc.
6717 | 212.57.234.22 | AS6717 Internet Central Limited
6717 | 212.57.234.49 | AS6717 Internet Central Limited
6849 | 93.190.44.156 | UKRTELNET JSC UKRTELECOM,
8262 | 85.14.6.135 | LIREXNET-AS Lirex net EOOD
8551 | 192.115.107.250 | BEZEQ-INTERNATIONAL-AS Bezeqint Internet
Backbone
8972 | 188.138.94.9 | PLUSSERVER-AS PlusServer AG, Germany
8972 | 188.138.94.9 | PLUSSERVER-AS PlusServer AG, Germany
9316 | 125.243.229.3 | DACOM-PUBNETPLUS-AS-KR DACOM PUBNETPLUS
9371 | 182.48.50.132 | SAKURA-C SAKURA Internet Inc.
9371 | 182.48.50.132 | SAKURA-C SAKURA Internet Inc.
9371 | 182.48.60.230 | SAKURA-C SAKURA Internet Inc.
9371 | 182.48.60.230 | SAKURA-C SAKURA Internet Inc.
10361 | 69.191.211.206 | BLOOMBERG BLOOMBERG
10361 | 69.191.211.206 | BLOOMBERG BLOOMBERG
13193 | 195.5.246.27 | ASN-NERIM Nerim SAS
13287 | 213.162.219.25 | NIXVAL NIXVAL Data Center
15555 | 80.249.166.152 | MT-DC-AS Magyar Telekom plc.
16243 | 85.158.249.125 | VIRTU-AS Virtu Secure Webservices B.V.
16243 | 85.158.249.30 | VIRTU-AS Virtu Secure Webservices B.V.
16243 | 85.158.249.30 | VIRTU-AS Virtu Secure Webservices B.V.
16339 | 212.78.81.18 | VI-UK Virtual Internet AS
16814 | 190.210.130.97 | NSS S.A.
16814 | 190.210.130.97 | NSS S.A.
17465 | 202.88.238.154 | ASIANET Cable ISP in India
17511 | 219.75.233.4 | K-OPTICOM K-Opticom Corporation
17858 | 122.41.71.141 | KRNIC-ASBLOCK-AP KRNIC
19262 | 71.246.230.5 | VZGNI-TRANSIT - Verizon Online LLC
19262 | 71.246.230.5 | VZGNI-TRANSIT - Verizon Online LLC
20746 | 83.221.103.132 | ASN-IDC IT Telecom S.p.A.
21844 | 74.52.23.26 | THEPLANET-AS - ThePlanet.com Internet
Services, Inc.
21844 | 74.52.23.26 | THEPLANET-AS - ThePlanet.com Internet
Services, Inc.
21844 | 74.52.23.26 | THEPLANET-AS - ThePlanet.com Internet
Services, Inc.
21844 | 74.55.19.130 | THEPLANET-AS - ThePlanet.com Internet
Services, Inc.
21844 | 74.55.19.130 | THEPLANET-AS - ThePlanet.com Internet
Services, Inc.
21844 | 74.55.202.242 | THEPLANET-AS - ThePlanet.com Internet
Services, Inc.
21844 | 74.55.202.242 | THEPLANET-AS - ThePlanet.com Internet
Services, Inc.
21844 | 74.55.202.242 | THEPLANET-AS - ThePlanet.com Internet
Services, Inc.
21844 | 81.95.153.182 | THEPLANET-AS - ThePlanet.com Internet
Services, Inc.
23724 | 117.79.236.72 | CHINANET-IDC-BJ-AP IDC, China
Telecommunications Corporation
24154 | 124.219.25.6 | APBT-AS-TW Asia Pacific Broadband Fixed Lines
Co., Ltd.
24940 | 78.47.197.173 | HETZNER-AS Hetzner Online AG RZ
31400 | 84.200.8.145 | ACCELERATED-IT Accelerated IT Services GmbH
31930 | 142.137.246.69 | ETSMTL - Ecole de technologie superieure
31930 | 142.137.246.69 | ETSMTL - Ecole de technologie superieure
34119 | 193.104.35.131 | WILDCARD-AS Wildcard Networks
36351 | 184.172.164.234 | SOFTLAYER - SoftLayer Technologies Inc.
37958 | 58.68.150.249 | CNNIC-CHINACACHE-AP Beijing Blue I.T
Technologies Co.,Ltd.
42549 | 79.98.30.171 | BNK-AS Baltneta
42861 | 77.91.66.218 | PRIME-LINE-AS JSC _Prime-Line_
45820 | 111.93.5.27 | TTSL-MEISISP Tata Teleservices ISP AS
46475 | 208.115.197.157 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475 | 208.115.197.158 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475 | 74.63.228.49 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475 | 74.63.239.209 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475 | 74.63.239.210 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475 | 74.63.239.211 | LIMESTONENETWORKS - Limestone Networks, Inc.
47205 | 79.98.26.164 | HOSTEX HOSTEX autonomous system
47205 | 79.98.26.164 | HOSTEX HOSTEX autonomous system
48172 | 188.127.239.23 | OVERSUN-MERCURY Oversun-Mercury Ltd
48172 | 188.127.239.23 | OVERSUN-MERCURY Oversun-Mercury Ltd
48185 | 62.193.224.142 | AMEN AMEN DEDICATED
48185 | 62.193.224.142 | AMEN AMEN DEDICATED
--
Link King
link.king at neustar.com
More information about the nsp-security
mailing list